Canadian province Ottawa is planning to punish companies who fail to disclose data leaks in new regulations proposed by the federal government.
Instead of the current system where companies are responsible for informing customers that their data may have been hacked, changes would mean that it would be their legal obligation to say if their computer systems had been infiltrated.
Whilst the 2015 Digital Privacy Act implemented some digital changes, new rules would see companies also report data breaches to the Privacy Commissioner's office and any other organisation that may be affected or could help reduce damage.
Canada currently sits third in the rankings for most data breaches in the first half of 2017 with 59 incidents reported, trailing behind the US with 1,357 and the UK (104).
However, the fact that reporting a breach is not currently mandatory could mean that the actual figure is much higher than that reported.
In a notice of the proposed changes, government officials commented that new regulations would ensure "the privacy and security of individuals."
"Mandatory reporting of breaches allows those affected to take immediate action to prevent harm from fraud or identity theft."
"Experts believe that organisations are not taking appropriate steps to minimise the risk and threat of data breaches."