Pilgrim's a puppet
But he's also a lawyer, so what he says will sound good, but as is everything else he does (or doesn't), it just aids the government's plan.
As for Privacy Impact Assessments, how will they be anything other than a rubber stamping exercise? Start big data slurping project, plan it top-down with impact assessment, begin work, miss deadline, find complications... I mean, how will an analyst writing a privacy impact assessment have any hope of predicting the problems before they begin the work? It's not like they plan with data architects that are properly deep in the data, let alone develop the solution with one, or even the few they'd need to ensure appropriate peer-review. And how will peer-assessments stop them de-scoping these projects technically, side-stepping the original plan, (and the aims of its PIAs) and still delivering a poor outcome without (the usual) poor and unexpected results?
NB. PIAs or PItAs?
BTW: Sp. though=thought