Right. But again, that was a story about access to credit card information largely, that people's credit card information was exposed. So maybe that's the focus on fraud.
I would say that, for the purposes of a lot of businesses, that may be too narrow a definition. Part of the problem with having a mandatory breach notification is determining in which circumstances that notification has to occur. And one of the great strengths of the existing privacy framework in the legislation is its flexibility. I think that flexibility needs to be brought to bear in cases of material breaches of information. So first of all, I think the breach has to be material, in some way.