Information & Ethics committee  That's fair. I just want to comment on one aspect of it. We do work very closely with both commissioners for the very reason that we want to make sure that the legislation or the policy is well implemented in departments. And on a few things you made note of--I think on the priv

Information & Ethics committee  There is policy around the use of electronic networks, which really allows people to have access to systems and so on, so there are very strict policies.

Information & Ethics committee  If you're outsourcing something, it suggests how you need to word the contract to protect Canadian information that might be held by the outsourcer.

Information & Ethics committee  May I answer in English?

Information & Ethics committee  In the area you're talking about, if there were to be sanctions or whatever, PIPEDA needs to deal with that with respect to private industry. As Mr. Lemieux says, it's a criminal matter when information is stolen, so we're into the criminal side of this process. Identity is an a

Information & Ethics committee  I agree. It's a leading-edge area for all of us: the Americans, the British, the banks, and everyone else. It's an area we're very active in. The possibility exists that we will put some controls in place. From a policy perspective, what that means in terms of legislation--

Information & Ethics committee  That's a very good question. It's one of the challenges of the role of CIO. There are a number of different groups within the CIO branch of Treasury Board Secretariat. Mr. Lemieux has the privacy and access to information people. We have a group that focuses on what we call ent

Information & Ethics committee  This is where privacy starts to drift into security. We also have the security policy for the Government of Canada. When we look at security, I'd say there are three main areas. One is the physical security of our buildings and facilities. The second is personnel security and scr

Information & Ethics committee  This falls within the broader space of policy suite renewal. Before we began the exercise on policy suite renewal, the Government of Canada had a whole series of management policies that departments needed to follow. I believe that the number of management policies when we began

Information & Ethics committee  I should just clarify. They're policy requirements.

Information & Ethics committee  Mr. Lemieux will correct me, I'm sure, but I'm thinking that when we look at this, part of it is that the privacy impact assessment to some degree marries in with this process. So although you're collecting information, part of it is impacting it, and that's a very transparent pr

Information & Ethics committee  They are a mandatory requirement because we've established that as a directive under management policy for the Government of Canada. The reason I say they are mandatory is that these instruments the secretariat has put in place are mandatory for heads of institutions to follow. I

Information & Ethics committee  We understood that requirement was suggested. It is in fact a requirement of the current policy. Mr. Lemieux is just pulling out that piece; perhaps you want to refer to it. I think it will answer the question. But it is well understood by departments that they must follow throug

Information & Ethics committee  Meaning that the two acts being under—

Information & Ethics committee  I don't think so, because fundamentally we're looking at the Privacy Act, which is with the Department of Justice, and the Access to Information Act, which is with the Department of Justice. PIPEDA, which really focuses outside of government, is with Industry Canada, and I believ