The trend in jurisprudence is that when you have an administrative decision-maker, such as the Office of the Privacy Commissioner, the courts are highly deferential, including sometimes with respect to charter issues. It's something that the David Asper Centre has been tracking and is concerned about. They're concerned that on charter issues, the courts actually have the last say on a standard of correctness. That's worth putting in.
The rest is, yes, to build in the charter review initially, because you can have Privacy Act compliance that still raises charter issues. You can have information sharing that is perfectly compliant with the Privacy Act as it now stands, or even compliant with the Privacy Act if you amend it according to the Privacy Commissioner's recommendations, but would still raise charter issues.
That charter review shouldn't be bolted on after the fact and the burden of it be placed on citizens. It should be built in from the start.