Actually, in a way I would echo Mr. Lawford. In particular, as regards breaches, there has been extensive voluntary compliance because industry does actually see their security safeguard obligations requiring notification to individuals. Maybe the only little piece that Bill S-4 brings is the reporting to the OPC, but that's actually happening on a voluntary basis because of the excellent guidelines that the OPC has issued.
On February 19th, 2015. See this statement in context.