The organizations don't necessarily agree on what a real risk of significant harm is. In your view, will the standard proposed lead to under-reporting or over-reporting of the breaches identified by those organizations?
On February 17th, 2015. See this statement in context.