The mandating of breach reporting is, of course, a useful step that has been called for by privacy advocates for many years. I see it as a necessary step that in fact will bring us in line with other jurisdictions. In the investigations of the House committee on access to information and privacy and ethics, we also raised the point that eventually we would like organizations to see beyond the reporting of breaches that have actually occurred and we would like to have some transparency from organizations regarding attacks that they have suffered.
Obviously the intention is not to have organizations identify their own vulnerabilities but to have organizations in aggregate form, for example the banks through their body, the CBA, report on various attacks, how many have occurred, and where they came from. That is most important, I think, in order to develop public policy.
Without a doubt requiring organizations to start notifying individuals about breaches, as has been suggested in this bill, is a welcome and well-weighted amendment.
Thank you.