I want to thank you for being here today.
I'm a refugee from another committee that isn't actually sitting these days, the justice committee, but I'm happy to be here. Forgive me if I'm not as au courant with everything that's going on that this committee obviously has studied over the last year or so.
If I can take you to your brief, pages 9 and 10, with respect to notification of security breaches, David, I just want to get this straight. I think the gist of the third paragraph on page 9 is that there are now no legislated guidelines for notification. In the last paragraph, you say, or at least I'll say, it's too bad the commissioner did not recommend or have an explicit recommendation for a parallel statutory breach notification, mimicking a bit what PIPEDA had done.
The OPC's response, at the top of page 11, is that “It is the view of the OPC that these requirements should be incorporated into the act itself”—that is, the Treasury Board guidelines.
Do I understand that the OPC has said the Treasury Board guidelines should be incorporated into the act, but you would like to suggest that the considerations that are in PIPEDA for notification also be made part of the act, and it's unfortunate that the OPC did not specifically say that?
Is that clear?