With regard to being consulted on a PIA, I'm not suggesting that every time an ODIT is being sought in a given investigation we would be consulted—not at all. What I'm suggesting is that a PIA should be done on the program and on those tools, and that we be consulted with respect to this program and those tools generally, so that we can provide input as to whether the process as a whole is sufficient to protect privacy—not with respect to specific cases.
On August 8th, 2022. See this statement in context.