Thank you. That actually helps.
Further to that, if you could respond to the chair's input, I was wondering what it would look like if we embraced this as something we should do to PIPEDA. The question put here by our researcher is, would non-notification be a breach that you could file a complaint to the Privacy Commissioner about—for instance, if my Visa had been compromised, even if the company fixed it and it didn't cost me a penny, but they didn't inform me. Do you think that is something I should be able to complain to the Privacy Commissioner about, either as a class action or as an individual?