I have a question for Mr. McLinton and Mr. Littler.
Bill S-4 provides for a mechanism to notify individuals of security breaches. You appear to support that. The model proposed under Bill S-4 will require organizations to, themselves, determine whether the breach creates a risk of significant harm to the individual or not. Do you think it would be easy for your members to make that assessment? Do you expect to receive some support to ensure you are properly complying with the bill's provisions?