I do.
I would echo what my colleague has said. You need to have an effective regulator, one clear regulator, for these issues, and effective sanctions that the regulator could impose. The banks react quite differently to OSFI than they do to the Office of the Privacy Commissioner—no disrespect intended to any one of those—because of the powers that each institution has with respect to them. In order to be serious, I think we have to consider what powers we will give to whomever is decided to be the regulator.
We need one effective regulator, especially with all the smaller players as well. The banks are established businesses with traditions. The smaller players are also very concerning to me, because they're often not Canadian and they don't even know that they have Canadian law that they have to comply with sometimes.