That's a fair point.
I was thinking more of putting it in the context of the Privacy Act specifically, rather than in SCISA per se. It gets to the final authority, as it were, between SCISA and the Privacy Act. Perhaps the Privacy Act would make it crystal clear for the recipient agencies that when information is shared, not only must it be necessary for their mandate, but they'd have to operate strictly within their mandate, given that we have seen, at the very least, some worrisome behaviour from agencies.
I want to get to the resources for review. We have a lot of information sharing among government agencies. We have the Office of the Privacy Commissioner, with respect specifically to SCISA sharing, which has had some difficulties in obtaining all information from departments. We talk about whether the Privacy Commissioner's office has sufficient resources to do an adequate review of information sharing. Should they have the power to compel the deletion of unreliable information? If not the Privacy Commissioner, should we be looking at, in the context of SCISA, as we have heard, a super-SIRC type of body that would be able to look at information shared among government agencies?
How do we tell Canadians and show Canadians that we have a review body that is seized with this and ensure that privacy is in fact being adequately protected?