It's only since mid-April that we have known the content of the regulations, so it was difficult to give precise advice to organizations on how we would implement them. We're currently in the process of developing guidance now that we know the text. That being said, before the regulations were published, we were, and are still, in the world of voluntary breach reporting, and we have contacts, and we have conversations with organizations on the information that we think helpful when they report, currently voluntarily.
On May 1st, 2018. See this statement in context.