Thank you, Chair. I'll go as far as I can, given that the advice I give the government is necessarily between my minister and me.
I can't speak for other departments, but I can point to the fact that the Treasury Board itself has directives and policies in place that do apply to all departments, including HRSDC. It is the responsibility of departments to apply those in a manner that is relevant to their mission. For our part, we seek to do that.
I can tell you that there are mechanisms at the officials' level within the bureaucracy to review and stay on top of these issues, and to learn from any incidents that occur in order to adopt best practices and to continue to make the business culture of all departments as sensitive as possible to privacy and IT security. The Treasury Board does have a responsibility to update their policies and directives from time to time. That's, generally speaking, the regime that we live under.