We're satisfied with the regulatory approach to a breach. It was originally a self-regulatory regime. The self-regulatory regime was built as a result of consultation. It was actually a great example of the kind of collaboration the PIPEDA model affords.
As data breaches became more of an issue through the last five or 10 years, the Privacy Commissioner and others recognized—I don't think there was disagreement within the business community—that there was more of a need to raise the bar and have a formal set of reporting requirements. Certainly the Canadian Marketing Association supports the breach notification provisions that are in PIPEDA now as a result of the amendments. We're engaged in talking to government about what the detailed regulations will look like just to ensure that they're not overly and unnecessarily burdensome to businesses and other organizations. That's our position.