We believe that PIPEDA actually had a lot of elements around this. It already had organizations considering what was reasonable and what would be reasonable uses relating to personal information. That was in the Privacy Commissioner's guidance a lot. Now we see the CPPA taking those good things from PIPEDA and encoding the Privacy Commissioner's guidance around appropriate uses and reasonability.
When it comes to innovation, we believe there is a need for organizations to be able to leverage the information in a responsible way to be able to do this. We see this in some of the areas where there's more permission to use de-identified information for internal research and development and analytics purposes—again, in a responsible way.
We want to make sure that there are appropriate limits on some of this as well. We have a concern with respect to the prohibition on reidentifying information, because we believe that a lot of organizations, when they do their analysis and are looking for ways to innovate, will often de-identify information just to keep it safe. When you have a prohibition on reidentifying it, organizations won't do de-identification just for safeguarding. We think that's one area where an improvement can be made, but the use of de-identified information for internal purposes is very welcome.