If it is the case that your officials are already working with written and explicit guidelines for how to perform disclosures or receive information under SCISA, do you think there would be any operational consequence for trying to put some of those guidelines into law so that those ways of disclosing or receiving information under SCISA apply fairly across departments, so that Canadians have some confidence?
That's not to impugn any of the organizations that are here today, but it's a fact that part of being able to live safely and securely also means having confidence that, when information is shared, it's done properly. Canadians don't typically have access to internal policies and guidelines, and they want to know that if those are breached, there will be consequences. We have seen instances where government sometimes doesn't follow its own policy, whether it's a Treasury Board policy or otherwise, and there aren't consequences for that as a result. With respect to these kinds of issues, Canadians would like to know that if there is a breach of those guidelines, there will be consequences.
If it's a matter of writing a better law to make legal, or write into law, some of those guidelines, do you foresee negative operational impacts on your organization?