You'll allow me to draw on my previous experience in the field. I think that public servants, government administrators, are the same everywhere, regardless of the type of government. An act such as this is clearly not a very pleasant thing that makes life easier. It confers rights solely on citizens, and it imposes obligations on them. That's already discouraging, especially when a framework is provided for those rights. I think you nevertheless have to be very realistic.
The Treasury Board Secretariat has already developed this entire technique and these privacy assessment forms, which are part of the directives. I would be very surprised to see those directives applied uniformly across government as a whole. If the privacy assessment becomes an obligation under the act, I think that avoids abuses and errors as well. When an administrative reform is launched, when you need personal information to administer that project, what do you do? You always go after computer engineers who have all the right answers in the world with regard to security, but, nine times out of 10, have no idea what privacy may be. That, at the outset, is where the problems start, and then it becomes extremely difficult to make corrections. When you've realized that there was a problem, it's extremely hard and costly to go back.
I'll give you an example of a Quebec company that, to make its computer system compliant with the Privacy Act, had to spend more money on the upgrade than the initial cost to build the system. You'll say that happened a few years ago.
The guides published by the Treasury Board Secretariat are extremely well done. I don't see why organizations like the Royal Canadian Mounted Police, CSIS and others wouldn't submit to that. It's something prudent and prevents abuses. That directive exists. I think that making it an act is a wise move.