Thank you very much for the question.
Mr. Chair, two types of actions were taken in that regard. One is more technical, and the other is about employee education.
From the technical standpoint, we're continuing to implement measures. In fact, I alluded to them in my preliminary remarks. They have been and are continuing to be put in place, in order to better document and control employee access to Agency databases and applications. As I was mentioning, reviews are done twice a year, to ensure that if there are changes to the duties of certain employees, and access needs to be reviewed, it's done.
Improvements were also made so that an "audit trail" can be created in the National Audit Trail System. This makes it possible to detect accesses not tied to certain duties, and to notify managers of those accesses. So measures were put in place so that managers can receive automatic notifications of this kind. For example, I might need to speak to Ms. Juneau because I received an indication that she accessed some information that doesn't seem to fit with her duties. Several applications are subject to this type of audit.