Sure. Currently, there's no legal obligation on departments or the RCMP for doing this. There is a policy from the Treasury Board and there's a directive. Those policy instruments require that PIAs be done when there's a new program or new use that could potentially be having an impact on the privacy of Canadians. There's a requirement that my office be notified early enough so that we can provide meaningful input. The idea, again, is to reassure Canadians, and also to ensure that the information and advice is there.
But we see situations like this one, where this is done very late, after the tools have been used for some time, so we're not in a position where we can address or prevent. We're in a reactive mode. Our advice and recommendation, or my hope, is that this be made a legal obligation in the Privacy Act, because then there hopefully would be more timely compliance with this requirement.