We actually had many processes in place to prevent it from happening. As a result of this, and particularly around the OPC's report from 2013, we strengthened those processes. But we did have front-end controls that looked at managing carefully employee access to CRA systems.
We do have back-end controls. We are putting a system in place over the next two years that will strengthen that. We do have the ability to monitor employee access to our systems and what information they're looking at.
All through 2010 to 2013, we revised our privacy policies and procedures. We implemented a new discipline policy. We strengthened our training and awareness programs for employees. That began in 2010 and continues, but the bulk of that work was done over the last three years.