On issues of non-compliance, as we did in this case, if there's a question, we would follow up with the department or agency and delve into the matter as to whether or not a PIA was indeed required. If we're in disagreement with the department on the topic, what we can do is ask them to report on it through their annual report.
Of course, with regard to compliance, the Privacy Commissioner can do the same in terms of following up, looking into the matter and launching an investigation.