There's a prepared question here that deals with the B.C. Information and Privacy Commissioner. He stated that he would not support an explicit notification requirement along the lines of those that have been happening in the United States. He would prefer to wait for evidence that mandatory notification is actually a cost-effective way to reduce risk of, for example, identity theft flowing from a so-called data breach. In the meantime, he's saying it would be better to reconsider the PIPEDA obligation for organizations to take reasonable security measures to protect personal information against unauthorized use and to work with organizations and issue guidance.
Do you have a comment on that? Where does that come from? It just seems to be contrary to what they're doing.