It's a very good question.
One of the things is that our members have very robust cybersecurity processes already, and, as Mr. Ghiz mentioned in his remarks, they already collaborate deeply with government. Many of the things that could come about as a result of Bill C-26 are things that the industry is already doing. There is CSTAC, the Canadian security communications advisory committee, which puts out best practices and guidance, etc., for all the telecommunication service providers. Bill C-26 could allow the minister to actually order specific practices, for example input.
In terms of the regulatory burden, I don't know of any industry that welcomes additional regulations, as it does add some burden. Again, our members already have robust practices, so I think the additional burden is mostly around things like the reporting requirement. That's where the legislation could require some improvements. It says that we must “immediately report” an incident. Well, “immediately” is right away, and you wouldn't have enough information to even know if you'd had an incident. Some of those things can be improved.
I hope that has answered your question.