You piqued my curiosity during your testimony. You stated that some businesses in the private sector don't report privacy breaches.
Could you explain to the committee what that means? Can you suggest any solutions? For example, should the Privacy Act or the regulations be amended?