I have a question with respect to monetary penalties. You appeared before the Senate committee on banking, commerce and productivity, where you stated that you do not currently have “the authority to impose financial consequences” for a breach of liability. In your view, is a monetary penalty one of the most effective ways to ensure compliance, or do you have other ways that you would go about that when dealing with breaches of sensitive information?
