The Privacy Commissioner basically conducts an assessment of our privacy framework every second year. So far he has conducted two audits, and he is in the process, in fact, of finalizing his third one. On every occasion his conclusion has been that we never disclose information for purposes other than those provided for under the legislation. Therefore, I'm quite confident that this mechanism works well.
There are other things in our framework. People have access on a need-to-know basis and that kind of thing. So internally there are a series, if you wish, of mechanisms that ensure that the information is properly protected.
But as a third party, the OPC does that on a two-year basis.