Sure.
Yes, the application of the Privacy Act would be part of this, as would the lessons learned in the application of the Privacy Act otherwise in government to national security agencies. I think it's important that national security agencies be covered by specific rules, as in Bill C-59, but also by the legal regime of the Privacy Act, because these are emanations of the state, and as with all emanations of the state, they should be covered to the general rules applicable through the Privacy Act.
As an example of how we might add value, about two years ago we reviewed an incident involving the unfortunate but unlawful disclosure of metadata by the CSE to the Five Eyes. We played a very specific role. We did not look at all of the situation, but we looked at sufficient parts of it to examine the importance of metadata to privacy. We were able to look at the deficiencies, make recommendations on how to improve things, and play a public education role to make sure that the public was informed of the importance of metadata for privacy protection. That's something we added.