In some cases the firms you're working with will have best-in-practice security and privacy measures in place, so it's not necessarily a problem. This has long-standing been a challenge of government relying on non-governmental players for its work. Just by virtue of developing a product or a service or a strategy, you end up learning a lot about the nature of that program, the users of that program and what impact it has. I think this is where we start to see the gutting of the state's knowledge. The more your relationship with service users or with stakeholders or with your program is mediated by a contracted party, the less you know about your own operations. Governments are actually becoming dumber the more they contract, which has this vicious cycle of meaning you contract more because you don't have the knowledge.
It's a genuine concern. It exists in the IT space especially because there's a lot of data and information, but it's always been a reality of government outsourcing, whether that's with management consultants or non-profits. It's always a real challenge, how you close the loop on making sure that any information that is produced through that program you're outsourcing goes back to the policy-making—