The article explores how private sector organizations following federal privacy
law will have to provide
breach notifications to customers and the privacy commissioner where it is reasonable to believe that the
breach creates a «real risk of significant harm».