Thank you very much. You're right on time.
The usual course of action is to proceed with the first round of seven minutes, in the usual order we've agreed to, and then move from there. But before we do, I have one question I'd like to throw out to both of you, as I'm rather curious about it.
Both associations call for harmonization—that makes eminent sense—but you don't think there should be breach notification in certain instances. Just recently, the Ontario and B.C. privacy commissioners jointly released a breach notification assessment tool as a guide for the public and private sector organizations in responding to a breach. Direct notification is the preferred method in the guide whenever the identities of the individuals are known and current contact information is available. That's what the Ontario and B.C. privacy commissioners are recommending.
Do I take it that, because you want harmonization with the other jurisdictions, you're in agreement with this? I'll start with the insurers.