Thank you.
That clarification is important, because when I hear “mandatory reporting”, I don't necessarily think that's confidential. We've had other testimony that it would be public mandatory reporting so that Canadians have a broader sense, but I think that distinction, at least from that perspective, is interesting.
There is also, I think, a significant onus on individuals or individual corporations to safeguard their security. You mentioned in your testimony that your organization has a policy of knowing where every component of the product comes from, but when companies have boards of directors and shareholders and cost-effectiveness is important, that might not be the case. What would your recommendation be to ensure the public is more aware of what they're purchasing—the onus on them—and then what can government do to encourage the private sector to not always look at just the bottom line but also at the cybersecurity piece?