Thank you, Mr. Chair.
I just have a really quick follow-up, because I was politely cut off.
I wanted to ask the information management folks about the question of notification. I was interested to hear you say that you want to extend that or have more detailed notification requirements. The commissioner has come to tell us previously—and we're going to have the commissioner back—that the notification system we have now is adequate and that, if possible, notification is not required and the issue gets resolved internally. Then nobody's hurt by it and that's sufficient.
Have you actually surveyed your members so they know that they will be more liable, based on your presentation today, if there is a change to the notification piece, in that, as some have argued, for any breach at all there should be notification to the person?
In my mind, a lot of records in this country are stored near warehouses, and sometimes they get destroyed and sometimes they don't. I think you're at a higher risk than many. So I'd like to know for sure that I can say that I heard from your organization, and that you have surveyed your members, and they are confident that you are right that there should be a greater notification process than what exists now in PIPEDA.