Certainly, the former policy on information management had just four requirements; the new policy on information has nine. Then there is this directive as well as the directive on roles and responsibilities that are the companion pieces to the policy. Largely, we've gone to something that is much more explicit in terms of what the requirements are, how those requirements are to be implemented. The previous policies did not have as explicit a statement of consequences. I realize you have to go to the Financial Administration Act and the policy on consequences to interpret what that section 7 means, particularly sections 7.2 and 7.3, but those are some of the significant changes.
On November 24th, 2009. See this statement in context.