By way of a refresher, following the implementation of the new data breach sections of PIPEDA, organizations that experience a data breach (referred to in PIPEDA as a «breach of security safeguards») must determine whether the breach poses a «real
risk of significant harm» (which may include bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss,
identity theft, negative effects on the credit record and damage to or loss of property) to any individual whose information was involved in the breach by conducting a
risk assessment.