The situation you describe is exactly why I say it is essential to look very closely at the legal framework within which either data will be shared from one department to another, or a second department will be able to reuse data that the first department has à la Estonia.
It starts with the right legal framework, which limits the circumstances where a department calls on a citizen because another department has offered a service. That's extremely important. We have rules already in sections 4 to 8 of the Privacy Act. Yes, they can be reviewed, but it's not a bad place to start either. That's an important part of the foundation. Then I think the technology follows the principles that have been adopted with safeguards ensuring that, technologically speaking, data banks cannot talk to each other unless there's a legal authority to do that.
It starts with a well-defined and well-thought-out framework. Call it sharing. Call it reuse of information.