It is my job to keep an eye on how legislation is effectively assisting with combatting cybercrime around the world. Because we're advising at the board level, we need to have that kind of visibility across not just sectors, but borders.
What we're finding is that the rumours are true: Canada's privacy legislation and Australia's for the most part are very innovative and very effective in and of themselves; however, they're not being used effectively. We're finding that organizations as a whole—not law enforcement, but businesses—are not embracing and not internally enforcing proper practices for at least two tenets of privacy, or at least of fair information practices. Those are the collection and the safeguarding of information. A third would be the disposal, which is sorely lacking. We're seeing this across borders.
We are seeing a lot of proper enforcement down south in the U.S., because there are stiff financial penalties for it, and they fall under security legislation. However, for Canada, which doesn't have much in the way of security legislation, privacy legislation, if correctly applied, could serve to benefit the public and protect it from identity fraud simply through the enforcing of those three tenets of fair information practices.
I'm not sure whether that answers your question, but this is what we're seeing.