The proposed code of practice has been published by the Office of the Data Protection Commissioner on its Web site and is open for public comment through June 18. The code of practice would require organizations to report a breach within two working days with some exceptions if strong security measures are implemented. All breaches that result in the loss of personal data affecting more than 100 people would have to be reported unless the personal data was encrypted to a “high standard” with a strong password and that password had not been compromised.