Thank you.
To go back to the evolution to the API/PNR program, the API—the advance passenger information—is the biographical information; that program's inception was in 2002. Then we further included the receipt of information on travel, which is the passenger name record, your itinerary.
The Office of the Privacy Commissioner was not pleased with our having access to information on everybody travelling to Canada. They had serious concerns. Because of those concerns, we have done and continue to do a lot of work to monitor the systems. We have a set of 43 commitments in place with the European Union. Those commitments have been entrenched in regulations and legislation.
They dictate where the information is to be retained—they even name the automated system in which the information is kept—and they name who has the ability to authorize. We have authorized access related to function and to use, and on a need-to-know basis. We have commitments in place for the retention of the information, for the sharing—who we can share with—and how often we are able to access that information.
That information, and this is a very important point, is actually depersonalized as we get it. The full information on the traveller comes in, and we have 72 hours with that information. At the 72-hour mark, we begin to depersonalize, so that the passenger's name is actually masked from the information.
We have further access to that information from 72 hours to two years. At two years, all of the information is depersonalized, so there is no information that can be connected to the individual.
We have further access for 18 months—up to three and a half years. At the three-and-a-half-year mark, all of the information is deleted or expunged from our system.
We retain the information that's necessary for enforcement or intelligence activities only. We have access to that information for as long as that's an active case. When the information is no longer active, no longer needed for enforcement purposes, that too is deleted.