This is where I'll end.
In terms of the use of that data, one of the concerns that's been raised, and this has happened, by the way, when health records have been subcontracted to an American company. The American company then is exposed.... Some of the committee members will have constituents that this has happened to. Health records get exposed under the Patriot Act. A Canadian crosses the border; there's a trigger that comes up because the person, under their health information, had—I don't know—accessed mental health services, or some issue, and then they get stopped.
It's a disturbing thing, as you can well imagine, that information like that would suddenly end up in the hands of a U.S. border guard when it has nothing to do with....
Our concern is, what real protections can we have that the IRS, under the Patriot Act or other provisions under U.S. law, completely outside of our control, doesn't allow that financial information, which one might argue is as sensitive as health information? You can learn a lot about a person through their financial records—a lot; more than maybe you should.
Considering the nature of data breaches that have happened both at the CRA and the IRS in the last number of years, how do we control the U.S.? Once that information enters the U.S., it is subject to U.S. law, and we can't control what the U.S. does with that information once it crosses the border.