Thank you, Mr. Chair.
Thank you, Professor Lareau, for joining us again here today.
I know that you've indicated what the government has done with respect to the incident response. My understanding is that when a breach of this kind happens, the CRA individually notifies each affected person, and then the TBS and the privacy office would report regularly on the privacy matters and information would be available on government sites in some capacity.
Can you talk a little bit about what would have been an effective incident response plan to this data breach?
Part of the reason I'm asking is that our goal in the work we do in committees is to find recommendations and make sure that we're making improvements along the way. I know you've talked a little bit about what should have been done. Can you provide more recommendations and talk a little bit about the data protection breaches and what responsibilities should be put forward as well?