Thank you, Mr. Chair.
Mr. Dufresne, I'd like to continue on the issue of privacy impact assessments, which we've just been discussing.
I imagine you're familiar with the Cellebrite company. I understand that its tools are being used by the Canadian Security Intelligence Service and the Department of National Defence, among others. However, I also understand that, even in the context of a judicial authorization or an internal investigation, the government still has an obligation to carry out a privacy impact assessment. If the government fails to do so, it's in violation of its own law.
I'd like to know what we can do about that. What sanctions can be imposed, or what should be changed to prevent that kind of situation from occurring?