The entities co-operate well with us. We have regular meetings with the CRA on privacy breaches and privacy issues.
Our overall investigation of the incidents from 2020 to 2023 found that there was sometimes a lack of co-operation among the departments themselves. Representatives of a department could say that the responsibility didn't lie with them, that Shared Services, for example, was responsible, or the Treasury Board or the Revenue Agency. We stated in our report that working in silos was a problem.
It doesn't matter to Canadians which department is responsible for the problem. They deal with the government and need solutions. One of our recommendations dealt with that very subject.
However, we are still seeing, as I said, that the official notifications of breaches are unfortunately still coming to us too late and that the seven-day deadline set out in the Treasury Board policy is not being followed.