What we want in terms of a regulatory regime is a principles-based approach, one that does not micromanage the technical decisions that companies are going to make. That's point one that we think is a priority.
The second point is a strong enforcement regime that gives those regulatory requirements their teeth. When we think about this in the United States, in Canada, and in Europe, the question is, does the right set of principles apply? Is that in place, and is the enforcement structure there?
Specifically with respect to Canada, with PIPEDA, I am not a PIPEDA expert, but I think you do have a strong foundation in place. You might consider changes to align PIPEDA with the GDPR, but I think it's important that you actually have a good baseline. A baseline does not really exist in the United States today.