we also have to deal with spear sphishing. at the outset, my sense would be that, given the fact that the house last year passed a strong measure, the problems are getting worse and larger likely to continue to do so. i would have started there and try to figure out how to improve that bill. in that spirit, wanted to commend you for incorporating the data minimization information in the draft bill. i think this is an important safeguard that not only limits the risk at the outset by telling companies -- really think if you need to have social security numbers on health club members, for example. if you lose control of that information, you have created a risk. so you reduce the risk at the .utset in th one of the other things we have learned based on the citibank experience and the sony experience is that these companies are reluctant to notify their customers when they have a problem. that is why legislation is so important for companies to tell customers that there is a problem and that you will need to act on misinformation