I think the way the mechanism is done--the watchdog, the mechanism, the framework that was set up in the legislation.... There is what they call the four-to-eight. The Privacy Commissioner has audit powers, and she and her staff can come in and do an audit of whether or not they're managing four-to-eight. That's on the collection--which is what I referred to--and the use and disclosure of personal information. So the way the regime in the act was structured is that the commissioner, who has audit powers, can go in there. It can be done also based on a complaint from an individual that it's not being done properly.
So that is the mechanism. The act did not set up a situation where both Treasury Board and the Privacy Commissioner would have the same role of auditing. They specifically gave the Privacy Commissioner those audit roles, subject to, of course, complaints by individuals, which I mentioned.