In the context of de-identified information, the focus should be on the actual core privacy protections. I think Bill C-11 started down this path that we can do more things with de-identified data, and perhaps the space it had for codes of practice would be a great place to put some of the standards we were just talking about. How can we get comfortable that we're all talking about the same thing around de-identification and raise that standard?
I think the most important thing, as I said earlier, is not to rely on consent, because we're talking about de-identified information, but to rely on absolutely substantial privacy controls that are in place regardless of the choices or selections. We know that choices and selections are challenging, so let's just get it right.