You will have seen the work of some committees and some media reports regarding the ArriveCAN application. That work was not done in-house, and the app cost in excess of $54 million for its development, implementation and ongoing maintenance.
What we learned was that in the RFP process, some potential vendors were advised that the requisite security clearance for working on the system would be waived if they had an application in process. Someone who had applied for top-secret security clearance but had not yet received it was able to work on an app that dealt with Canadians' personal, biometric, health and, of course, passport information. Obviously this raises a lot of concerns about the integrity of that application. It also shines a light, perhaps, on the government's practices and its lack of care and concern for the privacy of Canadians.
I'm not sure whether you're able to speak to this specific example, but can you, for example, speak to the requirements in place for your members when they have to deal with information like this about Canadians and folks seeking services from those departments?