Since the Privacy Commissioner's audit has taken place, forms have been developed to put out in the field for officers to record what information they have shared. Those forms are provided to the regional offices, which can then choose to go out and audit particular ships or ports, etc., on how they're sharing information. Eventually, the agency would like to see this automated so that it's not done on a paper form, but I think that's probably a system development for some time in the future.
When the audit was done it was at a relatively early stage in the creation of the agency. While the audit was focused on customs information specifically, the agency took the view of taking the lesson that we can learn from this to better protect all the information we have. One of the things we've been working on is a new information-sharing policy for within the agency, particularly for sharing intelligence information and the documentation of that--the training of staff on when they can provide information outside of the immediate area of work within the agency, to other parts of the agency, to other departments, and to other governments, and how to go about recording what you've shared, why you've shared it, and with whom, those sorts of things. So those practices have more rigour around them than they did at the time of the audit.