We try to do that at the beginning, especially for policy development work. Early engagement is always the best, based on our experience. They have a lot of good ideas, information, and experience to share, so if you can start your deliberations with the Privacy Commissioner at the beginning of your policy development, we think it is an asset, and you go from there.
To touch a bit on the question that you asked before, and this one as well, regarding the CBSA's written collaborative arrangement you were asking about, and the sharing of information either with levels of government or with international entities, for example, we always define specific elements of personal information to be shared. We always define a specific purpose of the sharing in our working collaborative arrangements. We limit the secondary use and onward transfer of our information, and we outline other measures to be prescribed by regulations, such as specific safeguards, retention, and accountability measures. In all of our purposes for information-sharing, there are always caveats regarding each disclosure that prohibit the activities, or the ongoing sharing of information, unless it's permitted by law or they obtain our permission to do so. Another way to make sure things are done the right way is through audit and redress as well.
Once you build the agreement and it's signed by the two parties, there should be no exceptions to the rules, because it's a signed understanding between two governments or two countries. Apart from audit, I guess you would not know if everyone is respecting their side of the agreement, but they're all in writing for us, when you're talking about agreements with other entities or international partners that are not covered in the consistent use provision that we talked about earlier.