I'll start and then ask Mr. Proulx to add his comments.
The first thing, as you mentioned, is the training that's provided to our employees, so that there's an awareness of the act and how it applies to our operations. We have different types of training for different situations, from online to in-class to very specialized sessions for people who have particular functions within the organization. That's a key element.
Awareness is something that I support at the executive table and through different activities that are conducted on a regular basis. That's the awareness component.
We do a lot to prepare ourselves in terms of understanding the implications for privacy of different programs. We have privacy impact assessments that are prepared and occasionally refreshed, depending on changes in our environment in the program. We do consultations with the Office of the Privacy Commission on those. We have a clear understanding of what the implications are for us. We have mitigation measures that we can put in place whereby we identify potential risks to privacy due to our operations. Those are a couple of things that I would identify.
Dan, is there anything else you want to add?