BREACH REPORTING
IN THE UNITED STATES REPORTING IS MANDATORY
In the US reporting is mandatory within 30 days of a data breach.
There are also certain laws requiring various notification methods to alert affected individuals given the scope of the release.
In Canada we have no such reporting requirements and therefore have no way of knowing how breaches that a Canadian Company may experience line up with the American experience.
Identity Theft Resource Center has released its 2015 Current Summary and the data we take from it is very interesting. The number of records released from Healthcare related organizations constitute the largest amount of released records however the Business Category represents the most breaches.
Canadians tend to follow closely with our neighbors to the South and as such it is suspected that our results would be similar if mandatory reporting existed here.
Official source ITRC Report