I believe the term the commissioner used was that it was “an insult” that this sentiment was felt.
Throughout the testimony of the departments accused of not following the Treasury Board privacy policies, we received a number of different responses. Some stated they have the tools and are using them, but are now completing a privacy impact assessment. Others stated they completed a general PIA that covered the tool, rather than specifically analyzing the security concerns of this invasive technology.
Is it concerning to you that 13 departments using the same tool have completely different definitions of what “compliance” means when it comes to following the PIA?