What is a privacy breach?
- A privacy breach occurs when personal information (PI) is disclosed in contravention of the FIPPA.
Examples of real breaches:
- Lost or misplaced information (e.g., lost laptop)
- Stolen information (through hacking or physical theft)
- Unauthorized use (including viewing) or disclosure of information, whether accidentally or deliberately
When you suspect a privacy breach
What do you do?
- Your supervisor
- Privacy Office
What does the institution do?
- Contains the breach
- Determines the severity of the breach
- Investigates the cause of the breach
- Notifies the appropriate people
- Implements any recommendations to prevent another breach
A privacy breach may cause substantial personal harm to the affected individuals and may also result in financial and reputational harm to the institution. So, whenever you handle personal information, remember to do so appropriately.
If information is released or accessed without consent and the disclosure is not permitted by FIPPA, this is considered a breach.
Institutions may have policies detailing:
- Privacy Breach Notification
- Breach Form
- IT Encryption Tools
- IPC: Privacy Breaches Guidelines for Public Sector Organizations