I think the recommendations that have been spelled out, first by the Privacy Commissioner and then by Roach and Forcese, are a good start. I think that expanding the role of the Privacy Commissioner, as it appears is being done—particularly the move to order-making power, which I was ambivalent about—is a good step in this regard. I was ambivalent about it regarding the private sector; applying it to the public sector I think is quite good.
It's a big question to answer. Generally speaking, it's just about putting proper safeguards in place. That's kind of a vague answer, but I can unpack it more carefully with respect to specific aspects of it if you want.