There's just one follow-up question I didn't get a chance to ask.
With your testimony and with testimony that we've heard before, there seems to be some hesitation in giving the commissioner more enforcement powers. I just want to understand why you feel there should be that hesitation. Why should we not give the commissioner more and more powers to enforce breaches of privacy especially when it's not going to be detrimental to those companies that are following best practices?
I'm just confused about why there's hesitation especially when we know in Europe, especially with the GDPR, the maximum penalty is 4% of general turnover, or up to 20 million euros. Why is there hesitation here in Canada to have a robust enforcement policy?