That's right.
I guess the question then is that we already have a governance model in place. We have been told multiple times that it is insufficient as it relates to the Privacy Act. However, that would be the governance model that we're looking at.
Is it so insufficient as of today? It governs data sharing between institutions already. Just by virtue of the fact that I'm now allowing these agencies to interact, and let's say the population register is a starting point, it doesn't seem that worrisome to me, given that these agencies all have this information and it will allow me to access these services in an easier way.
As a starting point, say we didn't even update the Privacy Act—although I think we should make recommendations on that front again. I don't really understand how the governance challenge is different, because we already have a data governance framework in place—the Privacy Act.