If it's been suggested, I don't recall it. Your suggestion is that if the notification isn't complied with, whatever notification it is, there would be a penalty. I find that interesting. Have you put your mind to who would have jurisdiction over that? Is it the courts, the Privacy Commissioner? That's the first question.
The second question is, have you thought of a minimum penalty? We don't have much time, but the third question would be, would this requirement apply to foreign companies--which I'm sure will get the insurance industry all excited--that have subsidiaries here in this country?