It's very difficult, because information moves and is very difficult to track and can accrue in different places and different databases.
The accrual of information in the hands of different agencies is a perennial problem, so there are safeguards. The first safeguard is on collection, in that historically, privacy has been about restricting the capacity of government to collect information in the first place. Then, once it's collected, there's the issue of retention and use, so safeguards include limitations on how long information can be retained in a given database before it must be expunged, as well as information on how it can be used, and in “use” of information, we also include sharing.
Putting in place protocols that mitigate the spread of information through government agencies is probably the best we can do, coupled with effective auditing thereafter to ensure compliance and conformity with those dictates.
I suspect Ms. Pillay may also have some views on that as well.