Since receiving the warning from the RCMP in October 2007, the CRA has been undergoing an analysis of various technologies that might fit the bill, a process that is now complete, said spokesperson Caitlin Workman. "The CRA will pilot these hardware and software solutions to determine the most suitable option(s) for our environment. Once the pilot results are analyzed, the appropriate product(s) will be identified and procured," she wrote in an e-mail statement to .

The pilot will take place in May, after which "the most efficient" software will be chosen and put in place in September, said Workman.

In the meantime, there are hard drives containing sensitive data that have been stockpiled in the absence of a better disk-erasing tool, acknowledged Workman. However, she explained, those are newer hard drive models for which DSX software -- the previously sanctioned tool by the police force -- is deemed unreliable. While older hard drives continue to be erased using DSX, newer ones are either destroyed "or kept under lock and key, with access to these secure storage facilities restricted to authorized personnel only," said Workman.

Canadians have no reason to be concerned for their confidential information, said Workman, noting that "no information security breaches were discovered by the CRA internal audit."

Brian O'Higgins, security expert and chief technology officer with Ottawa-based intrusion detection technology vendor Third Brigade Inc., said that while the results of the audit do not exactly leave people with a good feeling, he does believe the government and the CRA in particular understands security and has rigorous IT security practices in place.