Yes, section 2.3 of the directive refers to some exceptions. Various sections of the directive do not apply to specific organizations, such as the Office of the Auditor General, the Office of the Privacy Commissioner, and a number of others that are mentioned there. Again, it is relative to certain sections of the directive that don't apply to those particular organizations, given their specific mandates.
On November 24th, 2009. See this statement in context.