I do believe that actually having people report when there is a breach is important when there's a risk associated with the information that's been breached. I think businesses should be required to let their customers know if there has been a major breach in terms of the information that has gone out--for instance, if it includes credit card information, SIN numbers, medical records, all those types of thing. But I would think that there are probably different levels of breaches, and I would suspect that sometimes a breach can be fairly minor, and won't have a huge impact on the public.
The other side of this, and one where I can see the business community and I think our members having some concerns, is the fact that they may not even be aware of why the breach occurred. It could have been something that was stolen from them, for instance, or wasn't really their fault.
Those are the situations where it becomes difficult and where perhaps there is a responsibility, I believe, to notify those that have been affected by it. At the same time--