Colleagues, if you'll just indulge me for a quick second, I have a question for the witnesses.
Notwithstanding the fact that the data garnered by malware, spyware, bots, and so on is covered under different Canadian legislation, that information can sometimes be melded and merged with information that's legitimately garnered through something like the people who follow PIPEDA. Given the fluidity of data, the World Wide Web, and the fact that it's uncertain exactly where the data is actually stored—we have distributed storage around the world, distributed processing around the world, and so on—how important is the harmonious nature of our legislative and regulatory environment when it comes to the protection of information in order to ensure that we get the right balance between protecting people's personal information and not chasing away tech companies in Canada that might be investing, researching, and doing innovative things with the use of data? How do we make sure we get that balance right?
I'll just leave that out there for whoever wants to go first.
Seeing none, I'll pick Mr. Karanicolas.