Yes. That's another important question that my office is looking at. In fact, I've expressed my concerns with those parts of Bill C-12 that deal with data breach protection. I think in the time that we've been aware of the magnitude of the data breaches that are happening—both within Canada and outside of Canada—to Canadians' information as it circles the globe...we need stronger provisions in C-12.
I'm concerned if Canada does not set a higher bar—including looking at sanctions for companies that do not take necessary steps to protect personal information—we will have fallen well behind the actual practice in many American states, of countries abroad, like the U.K., where fines are imposed for data breaches. They're mostly to public sector organizations, it seems.
I think we have to send a strong signal—and I sent this a year ago to companies—that data breaches are not acceptable. Some may be almost unavoidable because of the cutting-edge technology and so on, but many just seem to be lack of attention, lack of training, and lack of investment in data breach procedures and equipment.