Certainly. Thank you, Mr. Chair.
There are really two elements to protecting the data. There is protecting against unauthorized access. We're talking about data breaches and attacks on our systems. That's obviously a continuing effort for us. We have a great team on that. That's not my expertise, but I do know that we have a very good data team in place. We test our systems constantly. We host in a very secure manner. We try to secure against any and all attacks. That's one sideāthe unauthorized access.
The other side, of course, is authorized access but inappropriate use. That would be where someone who has access in a limited capacity to the database would access information and use it in a way they were not authorized to do. We have significant policies and processes in place to minimize the impact or the opportunity for someone to do such a thing.
First and foremost is obviously limiting access to that data, so that, as my colleagues have mentioned, only people who have a need to access it have the opportunity to do so. Any of the information they do access is logged, and they are required to provide the reason for this access. If and when it's used in an inappropriate manner, we have methods, both internally and, if necessary, with the relevant authorities to.... We would co-operate fully with any investigation if there were any breach of our privacy policy or, of course, any loss.
There are two elements to it. As far as protecting our data, we have a great IT team for that. Our data security is a continuing matter. I was just talking this morning about some of the firewall protections that we're updating. The other side, which is where people have the key but want to use it in an inappropriate manner, is primarily where our policies come into play. Certainly, the procedure is that we limit the breadth of access to data that any one user can have at one time.