I mean mandatory data breach reporting, the compliance regime, the compliance agreements that the Office of the Privacy Commissioner can enter into, fine tuning for consent. For example, the idea that if you're selling to children or providing a service such as an app or a game to children and you need consent from them, you should be using language that's appropriate for a child, so they could understand what you're asking of them.
Those changes were important in strengthening PIPEDA, and we need to have some experience in seeing how they work.
We have work that will go on in a more formal way as we understand what the EU wants to discuss with us. Do we need a more formal research agenda? And we have the work that's going on with the Privacy Commissioner around things like consent, data, big data, analytics, the Internet of things; how all those kinds of pressures will change privacy and the perception of privacy.