Mr. Chair, just for clarity, while I won't speak to specific cases, the individual was a CRA employee and not an employee of the Department of Finance.
Mr. Chair, I do want to state that the CRA has strict policies governing the security, physical assets, and the confidentiality of taxpayer information. We continuously evaluate and review our security policies and practices to ensure that taxpayer information is safe and secure. Our current CRA policy speaks to the fact that protected information cannot be copied onto any other media unless it's encrypted. However, in the particular case that the member references, there was information that was downloaded onto an unencrypted CD. I can confirm that, contrary to what was reported in the media, they were not complete tax files that were downloaded. There was information related to certain personal data but it was not 2,700 tax files.
We are, Mr. Chair, currently strengthening our policies and processes to put in place mechanisms to prevent this from recurring. We are reminding staff that this is key to our integrity. More importantly, we are putting measures in place to prevent the downloading of unencrypted emails. We are also working very closely, Mr. Chair, with the Office of the Privacy Commissioner to strengthen the triggers for our engagement with that office, and we're also working with them concretely to put in place a set of criteria to assess the risk when that occurs.