I will go back to some of the earlier remarks I made: you can't think of safeguarding privacy just in terms of the administrative processes for sharing information; you have to look as well at the technical systems that we're building. You have to think about it at that level, so that you know how to build those systems and you can put in the safeguards that you should have a legal obligation to have. It's difficult to bolt them on after the fact. It's possible, but it's usually expensive and difficult.
You think about it up front. When you are building processes, you need to think about privacy up front. You think about compliance with the charter up front, and you build it into the technical apparatus that you construct up front.