Very well, but that is in terms of legislation.
In my previous career, as an engineer, I managed databases. If we did not want people to disclose or consult information they did not need as part of their duties, we would implement mechanisms to that end and monitor the people consulting the registry. This is what is currently being done with the registry at the Société de l'assurance automobile du Québec; access is being controlled so that unauthorized people who consult files or disclose information can eventually be identified.
It is not enough to have legislative provisions. I want to know the concrete mechanisms you plan to implement to control monitoring, if you will.