Again, I don't want to stray too far, Chair, into the realm of conjecture, but I think I can say that as a consequence of deepening our culture and our training and our awareness of these issues, one ought to be able to expect a higher standard in the future.
As I indicated before, the code of ethics includes both the range of disciplinary action that can be taken and the obligation for personal information protection. To the extent that we deepen the cultural awareness and the rigour and the extent of the training and so forth, in this issue particularly we will be able to raise the awareness and commitment of employees. I have to say that of course we have many areas where public servants have mandatory obligatory training, and that is appropriate. As our CIO knows only too well, and we all do as managers, the area of information technology security and information management is itself becoming more and more complex and broad and intertwined, and in order to achieve that desirable state of culture that I've referred to here, we do need to raise our game in terms of awareness and commitment of employees.
Against that backdrop, I think that employees should expect that we will be going about this in a strict fashion.