(1) An organization shall, in accordance with any prescribed requirements, keep and maintain a record of every breach of security safeguards involving personal information under its control.
Provision to Commissioner
(2) An organization shall, on request, provide the Commissioner with access to, or a copy of, a record.
2015, c. 32, s. 10.