You are referring to companies reporting privacy breaches, which will become mandatory under the provisions that will soon come into force. Under the act, companies will be required to report major breaches. So we will have to look at those reports. Companies currently report on a voluntary basis. In the past three years, we received about a hundred reports each year.
Judging from experience when a similar provision was implemented in Alberta, we expect a significant increase in the volume of incident reports when the provisions come into force.
We currently have the equivalent of two people working on these matters. If the volume increases substantially when the provisions come into force, that will create much more pressure on us. We will have to deal with that. We will see what the new volume is, but as it is we do not have much leeway. There might be problems in that regard.
As a rule, we do a fairly superficial review of those reports because we do not have the resources needed to do much more, except when the risk is especially high. In recent years, we conducted some investigations of that kind when the risk to privacy was high. So we do a lot of relatively superficial analyses and a much more detailed examination in certain exceptions.