The Treasury Board recognizes the need to review its data-matching policy, which dates back to 1989. A survey done by Treasury Board a few years ago demonstrated that there was very little understanding of that policy. That's the first problem. There's almost a kind of public servant education imperative here.
The second problem is that the policy, as it was defined in 1989, is very limited and very narrow. It allows for front-end and back-end types of matching, but it doesn't include new phenomena like data aggregation and data mining. Basically, there are private vendors selling data mining capacity, and governments are purchasing those services.
We believe a more expansive definition of data matching is needed. We've had repeated discussions with Treasury Board about that. I think they recognize the problem. However, we haven't seen any movement on a renewal of the data-matching policy. Our audit group has written to deputy heads, asking them about their data-mining practices, and we have gotten, I would say, very limited response. So that's an issue.