I guess my perception is that the large companies have demonstrated quite a bit of sensitivity to concerns. They are aware that consumer concern about privacy is one of their most significant business issues.
You're going to see, over the next few months, an interesting discussion about a technology called “do not track”, which is a service that you can install. The different providers are all approaching this in a different way. One provider is going to make it the default; one provider is not; one hasn't decided yet. They're struggling with how to meet customer demand for privacy while simultaneously knowing that you and I and everyone else appreciate, without thinking about, a lot of the services we are provided.
I'm very glad that the credit card company was able to spot that it was unusual for me to buy $12,000 worth of drywall on a given afternoon. It didn't occur to me that it was a breach of my privacy, though I guess you could make that case.
I would address, instead, that the committee should not be preoccupied always with the monster companies at the top of the food chain. First of all, they won't always be at the top of the food chain. The next major innovation in the business might be fermenting away in the lower basement of someone's apartment right now.
Also, it's very difficult to make regulations in the environment of saying, “Well, this is a huge company and they can afford all this. They can afford notification and constant checking.” That can be a considerable constraint on smaller companies that are trying to evolve in the marketplace and cannot do that.
So it's very challenging for the committee to say that there's a solution that fits all.