Since this was something that happened at a very high level, I'm going to ask Ms. Juneau to explain the details of the relevant procedure.
There is indeed a procedure within the Agency. We work with the Agency's security officer, who is our first point of contact. Incidents must be reported to that person, and that person must prepare a report.
A bit earlier, we spoke about the criteria we use to assess how serious the breach is. Ms. Juneau is consulted to determine whether there has been a breach of privacy, and if there has been, the measures to be taken are discussed. If the risk evaluation matrix provides for it, we contact the taxpayer. That's part of the steps to be taken.
Ms. Juneau, would you like to add something on the subject?