To be clear, as the designated minister under the Privacy Act, I'm responsible for the administration of the act. However, the deputy heads are responsible for implementing Treasury Board policies. I am currently updating the directive on the privacy impact assessments.
I will say that programs and activities require a PIA, not the forensic tools themselves. In fact, a majority of those departments are conducting a PIA. We have reached out to them numerous times, as well as to the Privacy Commissioner.
My CIO, Dominic Rochon, can add to this.