For the most part, the majority of the breaches reported to us—and we have mandatory reporting of all breaches under ATIPPA—are incidental, accidental, careless, and generally things that don't involve an intent to abuse, share, or disclose somebody's personal information.
We do have a number of instances where people have deliberately accessed other people's personal information and that has been shared or disclosed. The impact on the people who are affected by it is profound. Once you've been deprived of your sense of privacy and your dignity, depending on the nature of the information, it makes it difficult to move forward in your relationship with a particular public body or a government in general.
Conversely, we would note that we've experienced situations where the unnecessary notification of individuals that their privacy has been breached can cause a lot of damage, as well. Once you've been notified it's hard to put the genie back in the bottle. People have a hard job being convinced that the breach didn't have any impact on them.