I would say your statement really underscores our position in relation to information-sharing agreements and to ensure the Privacy Act is more specific in that regard. And what you say has also been the object of the O'Connor report, where Justice O'Connor specifically requires that a much stronger framework apply to information-sharing agreements to ensure the protection of privacy, to ensure that information that is shared is accurate, as well as to make sure that personal information is not shared with states that do not have a human rights record, and that is precisely what we put forward. To contrast law and policy, as the commissioner has said, Treasury Board Secretariat has issued guidelines that seek very much to address these recommendations, and yet in our 2003-2004 report we found quite a few deficiencies, looking at information-sharing agreements.
For example, the information to be shared as described in the information-sharing agreements was far too general. The protection clauses, meaning how the information was going to be secured once shared, were also very vague. We also found that only half the agreements contained a third-party caveat, meaning once we give it to one party, it cannot share it with a third one.
The majority of the agreements did not provide for consistent use, meaning the information could not be used in a way different from the objective it was shared for. And finally, the vast majority did not contain an audit provision. So, absolutely, we are in complete agreement as to the necessity to have stronger provisions in the Privacy Act in relation to information-sharing agreements.