The entity creates and retains a complete, accurate, and timely record of detected or reported unauthorized disclosures (including breaches) of personal information to meet the entity’s objectives related to privacy
The entity creates and maintains a record of detected or reported unauthorized disclosures of personal information that is complete, accurate, and timely.