Just to help me understand, if the privacy breach that occurred with respect to these 31,000 cases was a result of an individual company's policies, and if it was aware of that, then that company would have an obligation to report that breach to you. Is that correct?
