Madam Chair, I would say that the regulations under development—and we are engaging stakeholders on this—would indeed look at issues related to data protection, the retention period of the data, the requirement for companies to develop policies to prevent unauthorized access, and the record-keeping requirements a company would need to have in place. How to put this measure forward while we safeguard privacy rights is top of mind.
There is no decision yet on the scope of application. In fact, we are planning to define the scope in regulations, and it would not just be on class 1. It's not a de facto conclusion that it should be class 1. We are doing the risk assessment to determine whom it's going to apply to, and this could include short-lines.