Thank you, Mr. Chair.
Thank you, Commissioner, for being here today.
I'm a recent appointee to this committee, so I don't have the long institutional memory that many of my colleagues here have. I just want to follow up a bit on the training or the provisions for members of the community to know what their obligations are.
On page 11 of your report, relating to the mortgage brokers, you indicate:
The Mortgage Brokers, Lenders and Administrators Act, 2006 requires mortgage brokers and agents to undertake specific training concerning the provision of mortgages. While we found that brokers and agents had undertaken this mortgage training, no agents from the mortgage broker companies that we audited had been provided with formal and ongoing training under company-specific privacy practices, or their responsibilities under PIPEDA.
I think it's quite possible and probable that many of the employees or individual brokers or agents had actually acted in ignorance and may not have been aware that there actually had been a privacy breach.
Now, I'm sure that most departments have strict safeguards to ensure that personal information is secure and that their employees are well trained in their efforts to protect their documents. I understand you said a few minutes ago that in your next three years you're going to focus more on the training aspect, especially related to private agencies, but my question is, what kind of current training does your department do beyond what private companies like this, or even individual departments in government, would provide to their own employees?
The second part of that question is this: if you could guess, what percentage of the breaches that occur would you think are simply human error, or ignorance, as opposed to wilful ignoring of the guidelines?