I approached this incrementally.
The first point of order is that the law needs to change so that we have the right tools, the right legal tools, to ensure compliance by corporations. That won't happen immediately, but my hope is certainly that within a very few years this will happen. Then, at that point, there needs to be a discussion around the resources necessary to make that system work.
With the sums reserved for us in the federal budget, I think there's a.... I asked for more, but we received a not inconsequential sum of money to bridge us toward this new legislation, which I hope will be adopted within a couple of years. I'm fairly optimistic.
Do we have all of the tools we need, including resources? No, and choices have to be made. You're right to point out that, as with any other regulator, because of the exponential changes to technology and the digital economy, we have many issues and companies to monitor and look at, and we need to make choices. We cannot go after all problems—even serious—but the resources that were given in the budget will certainly make an important difference. Let's have a discussion around what the shape of the new legislation should look like, and then we can talk about the necessary resources.
As a comparator, I would say that with the new funding our size would be similar to that of large European data protection authorities, but much smaller than the U.K. Information Commissioner's Office. What is the right size is a question for discussion.