I can talk about that.
First of all, let me repeat that when PHAC and the lab in particular received an awareness briefing from CSIS, they themselves identified employees who were at risk. They flagged those employees and found, unfortunately, other concerns. Those are things they have done.
In terms of the lessons learned, I think it was in a couple of areas where they thought that some improvements were required. First of all was on the management of their technology and making sure that, for example, they can trace who is accessing what and when, especially on the administrative documents—not necessarily the research documents, but things like, for example, patterns and things like that. They have strengthened their technology system to be able to trace who has access to what and when.
They also have enhanced their security and facility access to make sure, for example, that visitors cannot move within the lab without surveillance and without being escorted.
They have done a lot of employee communication and engagement. This is a very important component because in order to prevent other situations like that, awareness is key. Employees can be vulnerable and sometimes they don't realize that they are entering into a co-optee relationship, so awareness is very important.
Maybe as a parenthesis regarding that, I think that what the lab went through and the exercise that you're doing right now is completely unfortunate, but at the same time, it helps other scientists to realize that these things are real and that they need to care about security.