If there are subsidiaries here in this country, they're subject to our law to the extent they are collecting and using information inside Canada. I think that's fairly clearly understood.
With regard to the offence, section 28 of the act already outlines what the offences are at the present time. There are certainly offences for obstructing the Privacy Commissioner in performing her duties. Those fines range from $10,000 to $100,000. Generally speaking, it would be through the Attorney General, and there'd be some kind of a hearing or trial, whatever, to establish the fine. It would be an offence under the act, though.
In the case of breach disclosure, any organization that knowingly withheld information about a breach, knowing that it could cause public harm or loss of, say, credit standing, cause the kind of harm that we associate with identity theft, if they did so knowingly and without regard to the public interest, I think that should be considered a serious offence under the act. I think there needs to be some kind of a penalty put in place in the act to make especially smaller companies that may not have the kind of fiduciary responsibilities or sense of obligation that large corporations have understand that this is a serious issue and it will be treated as a serious issue.