I think the tools that are there are pretty reasonable. If I was a credible business and the Privacy Commissioner went out to the market and said that I did not comply—and I think we as an association were on paper committing during a peer period discussion that we wanted disclosures to be done. If I was a company, and I was disclosed to be non-compliant, that's a tremendous penalty to the company, in terms of economics, loss of customers, market share, reputation, goodwill, you name it. It all goes down. There is a tremendous amount of impact to the companies for non-compliance.
At the same time, you want the companies to be engaged in a conversation with the Privacy Commissioner on an ongoing basis to build what is needed, given that the technology and innovation is moving very, very fast. That conversation needs to be always ongoing on a regular basis.
That's the input we have from our members. I think it kind of works well at this stage.