Persons who are registered with the Controlled Goods Directorate must notify the Minister of Public Services and Procurement of any actual or potential data breach within 3 days of discovery of the breach.  Since the requirement includes potential data breaches, Controlled Goods Registrants should report any hacking incidents, potential data breaches, employees taking company data,