The PIPA Breach Report analyzes nearly 2,000 breaches received by the OIPC since 2010 when mandatory breach reporting requirements came into force. The report offers guidance to help organizations and law firms specializing in privacy law decide whether there is a real risk of significant harm (RROSH) to an affected individual as a result of a breach. Based on information submitted by organizations when reporting a breach, the report analyzes how long it takes organizations to discover breaches, notify individuals and report to the OIPC. It also looks at whether malicious intent or deliberate action was involved in a breach, types of harm, types of personal information, reporting industries, among other data.