There are a couple of ways I can answer the question. The first is to say that in our reviews of RCMP activities and the conduct of individuals and incidents, we use that to inform broader systemic issues, so we will also be looking at internal processes within the RCMP.
We're approximately 60 people in our organization, and the RCMP has roughly 30,000 employees, so it's impossible for us to look at individual files.
My point is that we spend a lot of time reviewing practices and procedures to ensure there is effective internal oversight of the RCMP itself. Part of the answer, I guess, would be that we're looking to make sure that somebody is verifying, especially for that type of sensitive information sharing, what types of policies and procedures are in place to make sure there is sufficient scrutiny, potentially centralized control, before it happens.
The second part is that disclosure of personal information in the scenario you have described is a matter for the Privacy Commissioner. That is an area that would have to be reported. That breach of personal information being shared would be reported to the Privacy Commissioner.