We actually have a foundational operational policy, and that policy is entitled “Protecting the Privacy of Canadians and Ensuring Legal Compliance in the Conduct of CSE Activities”. I'm responsible for operational policy within our organization, and that's the foundational policy. All other policies stem from that. This shows you the importance we attach to the privacy of Canadians.
We're required by law to implement measures to protect the privacy of Canadians. That is stipulated in the National Defence Act. We have ministerial directives and ministerial authorizations that then further emphasize that. We have training in place for anyone who would be accessing information within our systems, etc. This is extensive training that we don't just produce for people who work within our organization. We actually go to partner organizations and provide them with training to make sure that they understand exactly what our mandates are, etc.
Beyond that, we have compliance regimes. We have internal oversight. We have our own audit and evaluation shop that reviews our information sharing and privacy practices. As I mentioned in my opening remarks, we have our own legal unit that reviews these practices, as well. Provided by the Department of Justice, they're there to provide us with legal advice.
Then we also have external review where we have.... I think you've had our commissioner appear before you here as a witness. We have independent and expert oversight with regard to our activities, and as I mentioned in my opening remarks, our commissioner produces an annual report that looks at our privacy practices.