Thank you, Mr. Chair.
I just want to start off by saying that I agree that it's concerning that departments aren't following the privacy impact assessments. It's a really important process, and the departments should be following that. Maybe that directive needs to be strengthened. I think there's value in this study when it comes to that. However, I think that we should be careful about our rhetoric and about not using our words correctly. For example, spyware is not something that the Government of Canada uses. Spyware is illegal. Technically, it's malware or a malicious code. The Government of Canada does not use any of that.
The software that we're talking about is specialized software, and it's used in digital forensics, so as part of incident response. This isn't something that applies to Canadians in general. It applies to public servants who work for the Government of Canada, and it's specialized software. For example, it's used in internal investigations—so, when employees are suspected of fraud or of workplace harassment—and it's always done in accordance with internal protocols that govern the collection and storage of personal information to ensure its protection.
I'm just cautioning the committee to not use so much hyperbole. We don't want to spread fear among Canadians. This is not a widespread program that's being used across the board. It's being used internally to monitor employees of the government. Yes, I agree that there should be a study done to look at why the privacy impact assessments haven't been done by the departments, because that's the key here. That is what we need to get to the bottom of, and that's what we need to impress upon our departments: that it's very important that we do this work.
That's all I have to say.
Thank you, Mr. Chair.