I would say probably both, actually. The situation currently is that most federal political parties have privacy policies—internal codes of conduct, so to speak, in their relationship with the people with whom they interact and from whom they collect information. That's a start.
I think, first of all, the substance of these policies could be improved, from what we have seen. One common element missing from the privacy policies of federal parties is the right of individual electors to have access to the information that parties have about them. That's a huge flaw. There is, then, the issue of the substance. But these are voluntary codes, and no one independent of the parties examines whether the parties actually live up to the promise they're making in these policies. That leads me to a very important reason that political parties should be governed by legislation: to ensure that whatever substantive rules exist, hopefully better than what they are now, are verified by an independent third party.
Should that independent third party be the Privacy Commissioner, the Chief Electoral Officer, a third person? That can be discussed, but I think that what this leads to—leads me to, at least—is that there are at least two types of issues at play here. There's the issue of privacy and whether parties treat the personal information of individuals properly, which is a privacy issue that would make me, perhaps, the best person to look at the question. Then, the allegations that we have been seeing in the past few weeks lead to a mix of the use of personal information and privacy on one hand and political purposes on the other, which is more the domain of the Chief Electoral Officer. Ideally, I would say, the two institutions would be able to verify what is happening so that the expertise of each is put in common.