The responsibility for enforcement of the legislation rests with the Privacy Commissioner, and the concept of having a third-party audit, which I think is a very good one, is something she has brought into play. I think the Privacy Commissioner is best placed to answer that kind of question.
On May 29th, 2012. See this statement in context.