If the process at CRA works really well and the minister is informed relatively shortly after—you're made aware of privacy breaches that happened over multiple years—it is reasonable to assume that you or your predecessor were made aware of these privacy breaches well before the March deadline that the Privacy Commissioner needs in order to include these privacy breaches in their annual report to Parliament. Why was it that these privacy breaches were reported to the Privacy Commissioner after the deadline, when your own testimony suggests that you would have been made aware of these privacy breaches well before the deadline to report these to the public?
On November 21st, 2024. See this statement in context.