Yes, and that is the main concern.
First and foremost, we don't have any data that says there are issues with protection of the information.
The second thing is that the small organizations, where it would be easy for someone's identity to be found, are exempt from being covered by the creation of senior officers and the creation of a process internally, because it's too delicate, so there is a certain protection that exists at that level.
As well, they're covered by the Privacy Act, which ensures that the information is not to be divulged in any way, shape, or form. That is one of the main tenets of the act, that the information is not to be shared.