I wasn't in this position at the time. However, I gather that it came as a surprise that not all the requirements were clear to the departments. Departmental programs and activities had to undergo a privacy impact assessment. The measures were in place for this to happen in most departments. However, the current version of the directive on privacy impact assessment gives departments some leeway in deciding whether to update the assessments if these new technological tools are used. This leaves room for interpretation.
That's why the minister explained that the directive would be updated. We'll be introducing components that specifically explain that the use of new technological tools requires updated assessments.