That's a big question.
I think Canadian privacy legislation is not something we should just say is insufficient. There are some good privacy frameworks here. It's a question of what are those definitions? What is “real risk of significant harm”? What does that mean to a company like the companies we help, who are trying to determine what they should tell the government when there is a security or privacy breach?
We need to make it more practical for companies and individuals to abide by these frameworks. I'm not saying that we should go all the way to GDPR. I'm sure we all have varying opinions on GDPR. Matt is shaking, now.
The reason people are abiding by GDPR is that there are financial fines behind it, and that's why there are a lot of—