Mr. Speaker, yet again, I listened with great interest to my Conservative colleague's speech.
I have a more specific question for him. I agree that a data breach notification requirement is essential. I even proposed a similar measure in my Bill C-475, which the member voted against.
In my model, I proposed an objective mechanism that would not make organizations themselves responsible for determining whether the data breach or leak was significant enough to notify the client concerned.
What Bill S-4 proposes is really subjective. It would have the organization make its own determination. Many lawyers, experts and academics have found this approach problematic. Does my colleague think that this approach is problematic?