It connects nicely with my response to the previous question.
It was made very explicit in the Shared Services Canada Act that, for the purpose of exercising rights of access under both the Access to Information Act and the Privacy Act, the data that resides within SSC's IT infrastructure, whether it's the data centres, the email solutions, the networks, is not under the control of Shared Services Canada, but in fact under the control of partner organizations. The access requests, under both acts, must be filed by the government institution that has the mandated program activity, and therefore, overall responsibility for managing that information and making it available.
Shared Services Canada does not have a high volume of requests under the Privacy Act, contrary, for example, to the Revenue Agency or Immigration Canada or ESDC, and other government departments. Their primary bread and butter is the handling of personal information in the delivery of programs and services, such as taxpayer administration and employment insurance, but Shared Services Canada does not deliver program activities of that volume where we handle person information.
We'll have some personal information in terms of email authentication, IP addresses, that type of administration, but we don't administer federal program activities that hold known—