I'll start by saying that I think we do need to flesh out some of those issues. I think it's an important one, and I'm glad we've had the opportunity to talk about it.
For some of the kinds of information we're talking about, consistent with some of the remarks David made at the very outset, there isn't a consent issue there. Some of it will get collected. That's simply a fact. There is this spectrum, and I think David referred to it, where there are certain kinds of uses that don't raise particular concerns or perhaps are sufficiently important that we would say, yes, you ought to be able to use it in those circumstances, provided it's appropriately documented and there are the appropriate kinds of oversight.
There are also, even implicit in your question, departments whose interest in the information may not be in the personal information, per se, but rather in the aggregated data. On the private sector side, the way organizations often deal with information is to say they don't really care about the individual, but they do care about that aggregated data. There may be aggregated data where we can say that as long as we're able to separate that out and find mechanisms to remove the personal side from it so that it's used in an aggregated fashion, there's actually a lot of value, and government can act in a smarter fashion.
It's probably a somewhat unsatisfying answer to again come back to “it depends”, but what we need are rules that recognize that there may be times when those secondary uses can happen without implicating the personal side of personal information. There may be secondary uses that it's kind of nice to have. In those circumstances, appropriate levels of consent seem to me to be the order of the day. There may be instances when it's essential to have access to that information. We need a sufficiently robust oversight and reporting system that doesn't necessarily stop the sharing in those circumstances, because we recognize the import of the sharing. Rather, we need a system that ensures that there is not misuse and that there is appropriate transparency associated with that activity.