Part 3 – Privacy Breach Prevention & Response
What is a privacy breach?
- A privacy breach occurs when personal information (PI) is disclosed in contravention of the FIPPA.
Examples of real breaches:
- Lost or misplaced information (e.g., lost laptop)
- Stolen information (through hacking or physical theft)
- Unauthorized use (including viewing) or disclosure of information, whether accidentally or deliberately
Key Point
All Institutions will have policies detailing the following: faculty, staff, contractors and volunteers have a duty to report suspected privacy breaches to their supervisor or manager, who will then initiate an investigation by reporting it to the Privacy Office.
When you suspect a privacy breach
What do you do?
Immediately inform:
- Your supervisor
- Privacy Office
What does the institution do?
- Contains the breach
- Determines the severity of the breach
- Investigates the cause of the breach
- Notifies the appropriate people
- Implements any recommendations to prevent another breach
A privacy breach may cause substantial personal harm to the affected individuals and may also result in financial and reputational harm to the institution. So when you handle any Personal Information remember to do so appropriately.
If information is released or accessed without consent and when the disclosure is not permitted by FIPPA, this is considered a breach.
Learn More
Institutions may have policies detailing:
- Privacy Breach Notification
- Breach Form
- IT Encryption Tools
- IPC: Privacy Breaches Guidelines for Public Sector Organizations
Click here for the next module: Part 4 – Records Management
