It is TD's practice today to notify all individuals who have been compromised, or we suspect have been compromised. For all material or larger systemic things, we would also notify regulators, the Privacy Commissioner, etc., but on an individual basis, to answer your specific question, it is our policy to do that today.
