Thank you, Mr. Chair.
This has been a fascinating discussion. I think one of the issues that we are trying to grapple with is the effect of risk if privacy is breached. This is a serious issue. We can develop as much as we want, but the risks to citizens are much higher now than they've ever been because of the ease of access.
I'm concerned about two areas. One is in terms of fraud. Scams such as the 419 scam can track people now. They can find information. They can tailor their pitch to you in an e-mail or on Facebook based on specific points of data that would not have been possible before. We're not going to know about their ability to catch people because many people who are caught up in a fraud are just too embarrassed to come forward. This is happening all the time, and it's happening because it's not the good players who are breaching data, but other people who are breaching data.
Mr. Gupta, given the seriousness of this, we're seeing that under Bill C-12, private companies should only need to report privacy breaches if it proves significant harm. That's a pretty high test. Don't you think that given what's out there, the Privacy Commissioner should be deciding whether a breach is something to be reported?