Thank you, Mr. Chair.
Thank you, witnesses.
I've been looking over the excellent research done by Nancy Holmes, our research staff member. I wasn't going to ask any questions, but I became alarmed about some things later on in her research paper, at some of the things that she has recommended we ask you for your input on.
One is dealing with the duty to notify people in the event of a breach, especially in light of high-profile privacy breaches in data companies in the United States, etc. State laws are being enacted now such that in the event of a breach, there would be an obligation to inform the person that their personal information has been compromised in this way. This is interesting to me, because somebody came to me recently and said that Visa has three million breaches per year in Canada alone, and they don't inform Visa card clients that their personal information has been compromised. This is an alarming thing.
Would you recommend, in this first statutory review, that PIPEDA be amended to require that kind of duty to notify individuals in the event of a breach?