That's part of the issue: whether subsection 5(1) of the Privacy Act provides a loophole so that, given SCISA, the broad Privacy Act framework doesn't apply to our security agencies in the way it should because they can bypass it if they're authorized under SCISA.
That's part of what's at issue here. I'm curious to know if you have a more specific opinion as to whether it's the view of government that the Privacy Act ought to apply in these situations first and foremost, or whether it's acceptable that other laws can bypass that broad privacy framework and allow agencies to disregard it?