If I could respond briefly to that, the task force looking at the payment system, including mobile payments, is also looking at the question of whether greater regulation is needed in this area. But there's a technology slice to it as well. Do you need ways in which you could assure yourself that a website is valid and that your transactions are secure? If you've done any electronic banking, you'll note the “http” shifts, the S comes in to designate it's secure. In some instances, you find little keys on your screen that show you've now established a secure transaction.
I don't think there's any single solution to this. It does require regulation. It does require technology solutions.
The data breach notification in the amendments that were tabled recently to PIPEDA will also help, in that it will force businesses to let the data subject know if there has been a substantial breach that will put at risk your information or identity or finances because of the nature of the breach. And because that now becomes incumbent on all companies--not just those that are good at this and care about it--it should help improve the level of security in firms as well.
The point was made earlier that if you don't have digitally skilled citizens engaging in these transactions, those who do know how to protect themselves, that is also not helpful. In my opinion, we have to make sure that the kids graduating from schools are able to look after themselves online. And we have to make sure that the information we're putting out on our anti-spam websites, on the Competition Bureau website, as many websites as we can, is simple information on how to protect yourself and how to stay on top of what the new scams might look like, and what to avoid.