I don't have any insight into the mechanics of the current system. I know records are exchanged. I don't know how the systems are designed. I haven't seen any of the risk assessments or been involved in that. Certainly, from a security perspective, the right approach is to ensure that risk assessments are conducted, and that we pay close attention to the guidance that's provided by our lead agencies.
Again, there are a whole host of cybersecurity threats facing individuals and Canada as a whole. Our goal needs to be to manage those threats, and that starts with designing systems with the appropriate controls right from the beginning.
One of the challenges in cybersecurity is that security is often slapped on like a band-aid after the fact. One of the improvements—and I've certainly seen this with some of the government plans I've worked with—is to consider that early in the process. Consider security in the design process, and build in the level of security we need.
Again, I can't speak to the degree to which that's being done with the current system.