There are 40,000 employees of various levels who need to reply to people who call from everywhere, as Monsieur Dusseault was saying. They need to reply, so they need to have access to the files, yet it has to be controlled. It can't go out. It's sensitive information. That's the first complexity, that it's operational, with so many people at so many levels.
The second complexity is that the government does want to have access to some of the information. For example, we know that “follow the money” is key to uncovering illegal activities. That means there has to be some authorized access in spite of all the protections. That's another complexity.
Then, with 400,000 people in the public service—this number is correct—that's a lot of people to monitor. That's a lot of people who could have a grudge, who could have some malicious intent. I've seen lots of them. I haven't seen them only in government. I've seen them in the private sector as well. If you look at the internal threats to data security and the external threats to data security, you realize that the risk is very high.
One advantage we have in our law firm, since you made the comparison, is that we're all lawyers. We are all lawyers who have a vested interest in this business flourishing, and therefore we have a culture that favours, that helps, data security. In the government, however, you can have a disgruntled employee. You don't have an employee who at the same time has a personal investment of money in the business. You have different contingencies to contend with.
I can tell you about one agency for which I have a lot of sympathy. It was also very operational. Their main challenge was their disengaged staff. Because the staff was disengaged, the staff did not exercise the proper discipline that they should have.