Thank you.
I have a question about the January 2011 intrusion mentioned in the Auditor General's report.
This intrusion, which was quite serious, was aimed at obtaining information, taking control and extracting information of a sensitive nature. We know that reacting to that attack was costly and that it took time to recover completely.
What do you think about a mandatory mechanism that would provide notice in the case of loss of data or unauthorized access to data? It might ensure better protection of the personal information of Canadians in the case of a cyber attack.
If that is not an option you are considering, what do you plan to do to protect the personal information of Canadians?