I'm in general agreement. There is a recognition in most privacy statutes, and even in the public sector, that you collect information for a purpose. It has to be authorized by law or it has to be reasonably connected to an operating program of the public body. That information can be used for that purpose or for a use compatible with that purpose. There is a body of case law, within the commissioners at least, that talks about that: what is that compatibility?
I think part of it has to do with a direct connection. Is there a direct connection between tracking somebody's status leaving and determining whether there's a likelihood that somebody's going abroad to engage in terrorist activities? Those are both national security contexts. You see those as being relatively adjacent and possibly justifiable. CBSA sharing that information with CSIS might make sense in the circumstances, but that should be under an information-sharing MOU that should be available for public scrutiny. If they want to share it with the tourism department, for example, I can't imagine that being so directly connected.
The nature of the information needs to be taken into account. How sensitive is it, and really, on balance, is it worth doing this? You also have to be mindful of Canadians' expectations. You can always think that any little bit of data the government has can probably be useful someplace else. You need to think about whether it's reasonable in the circumstances that it would be used in that other place, particularly when you look across the very broad diversity of government institutions. The Department of Health provides primary health care to the aboriginal people of Canada. That's a huge amount of very sensitive information about individuals that should never find itself over in Stats Canada, other than in the aggregate, or that shouldn't find itself over in CSIS just because the government of the day has decided to knock down the walls between the departments.