From my perspective on this committee, I've worked with you, alongside you, for many years now. I am concerned that we don't, as opposition members at least, have timely information.
You referenced, I believe, in your opening statements that, given the significance of these risks and the potential impacts they can have on individuals, timely breach reporting requirements need to be made a legal obligation under the Privacy Act, rather than a Treasury Board Secretariat policy requirement.
Would you not agree that the same duty of candour and legal requirement as a reporting mechanism to this particular committee would help to make sure that these significant issues are communicated properly?