All right. That helps me understand things a bit better.
I'm not sure who mentioned—actually, I think it was Ms. Rooke who stated it—that in the past year you have done two privacy impact assessments. Why? What motivation was there to do these assessments? Currently under the Privacy Act it is not required; this is one of the things the Privacy Commissioner is requesting. In fact, she wants all government departments to do this—this is recommendation number 3. I know that Treasury Board has talked about something similar, but I wasn't aware that it was actually required of all departments.
Do you have legislation or regulations that cause you to do these impact assessments, or are you simply doing them from your own sense of responsibility or due diligence? What would be the motivation behind these?