The privacy impact assessment framework that has been put out by Treasury Board I think reflects a lot of thought that went into it, and I think there is no information to suggest that it's not being properly implemented. I think what this recommendation reflects is that it's a very important practice; it's a very important tool to understand the context and the consequences of any change in government programs, be it data matching, be it extending a program or otherwise, and to make it mandatory, much more so than simply a guideline. There's no accountability for not following a guideline, other than potential employment consequences.
So the issue, ultimately--particularly combined with the ability for the courts to enforce it and to order it--is to make sure that these things do take place.