Fair enough, I appreciate that.
I have a question for Mr. Watson or Mr. Leduc.
When it comes to the threshold for compliance, monetary penalties, we talked about how it's different.
Mr. Leduc, or maybe it was Mr. Watson...I think you said it would be okay for Target, that they'd survive. Target is going to survive because they're a large enough company, but a small or medium-sized enterprise might not survive if their data is breached and there were monetary penalties associated with it through any changes that this committee might recommend in the legislation.
Should there be a threshold? I'm not much for arbitrary lines in the sand when it comes to legislation, but should there be a threshold, so that companies that are small and don't necessarily have a privacy person appointed...?
I mean, I had my own IT company before I did this. I was a one-man shop. I was my own privacy consultant in my company. What do we do for those smaller companies? Should we have an exemption so that those companies would be not affected in the same way as a larger corporation, or is there an inequity and unfairness inherent in that?