Yes, I'm happy to do that.
With respect to the CPPA, currently in the drafting, the Privacy Commissioner would have the ability to recommend administrative monetary penalties up to $10 million or 3% of global revenue, whichever is higher. The act also specifies a number of specific offences for egregious contraventions of the act, which carry higher penalties of up to $25 million or 5% of global revenues, whichever is higher. Some of the examples of an egregious offence would be an organization that disobeyed an order directly, an organization that obstructed investigation, an organization that retaliated or attempted to retaliate against a whistle-blower or one that did not inform the commissioner of a breach of privacy.