I couldn't say why we subcontract rather than doing it internally. However, I can say that a process has been established so that firms—I forget the exact term but it pertains to contracts—meet our requirements, and do everything we want in terms of privacy.
You referred to the Privacy Commissioner's report. We contacted the Commissioner and we met with him a few times during this process, to explain what we were expecting from the company at the time. The complaint filed with the Privacy Commissioner was about the fact the information was managed by a company located in the United States. Ultimately, the Commissioner conducted an investigation and verified certain things. He concluded that the complaint was not well-founded.