Sure, fair enough.
I have one other point to quickly clarify, if we could. You both deal with incredibly highly sensitive information, as we've learned even more so today.
With recommendation 2.6, the Information Commissioner has indicated five points “in which confirming or denying an existence of a record could reasonably be expected” when these are at play. The five points being:injure a foreign state or....any state allied or associated with Canada...with information in confidence;injure the defence of Canada or any state allied or associated with Canada, or the detection, prevention or suppression of subversive or hostile activities;injure law enforcement activities or the conduct of lawful investigations;threaten the safety of individuals; ordisclose personal information, as defined in section 3 of the Privacy Act.
Those are the five instances that the Information Commissioner has suggested in recommendation 2.6.
Does that suffice? Is there something else you'd like to add to that? Are those hurdles in any way in either of your departments?