Thank you, Madam Chair.
My question is for Mr. Slinn from the RCMP.
We have had cases in the past in which someone has paid out a ransom for a cyber-attack and loss of privacy. A good example is the University of Calgary. Under Canadian law, is there any obligation for a company or an institution to even acknowledge that they've paid out a ransom for a cyber-attack, or is that something that doesn't have to be disclosed?