Notification to Affected Individuals: Sample Letter

Privacy Breach Management Tools

Department address

Dear [name]:

I am writing to you with important information about a recent privacy breach involving your  personal information. [Name of organization] became aware of this breach on [date]. The breach occurred on or about [date] and occurred as follows:

(Describe the event, including, as applicable, the following):

  • A brief description of what happened.
  • Description of the information that was inappropriately accessed, collected, used or disclosed (e.g., full name, Social Insurance Number, date of birth, home address, account number(s), diagnosis, disability code, etc.).
  • Risk(s) to the individual caused by the breach.
  • Steps the individual should take to protect themselves from potential harm from the breach.
  • A brief description of what the organization is doing to investigate the breach, control or mitigate harm to individuals and to protect against further breaches.

[Sample paragraphs regarding credit protection]

  • To help ensure that this information is not used inappropriately, [organization] will cover the cost for you to receive credit monitoring for one year. To receive this credit protection service, please provide your consent by calling our toll-free number at 1-234-567-8910.
  • You may periodically request a credit report. Whether or not your data has been involved in a breach, you can receive a report from each of the national credit bureaus listed below. You should remain vigilant about suspicious activity and check your credit reports, as well as your other account statements, periodically over the next 12 to 36 months. You should immediately report any suspicious activity to the credit bureaus.
  • You may place a fraud alert on your credit report. A fraud alert tells creditors to contact you before they open any new credit accounts or change your existing accounts. This can help prevent an identity thief from opening additional accounts in your name. As soon as one of the credit bureaus confirms your fraud alert, the other credit bureau will be automatically notified in order to place alerts on your credit report, and the reports will be sent to you free of charge. To place a fraud alert on your credit file, contact one of the two national credit bureaus at the numbers provided below.
  • Order your credit reports. By establishing a fraud alert, you will receive a follow-up letter that will explain how you can receive a free copy of your credit report. When you receive your credit report, examine it closely and look for signs of fraud, such as credit accounts that are not yours.
  • You can place a "credit freeze" on your credit file so that no credit reports can be released without your approval. Please contact the national credit bureaus below for more information. Both bureaus charge a fee for this service. To contact the credit bureaus, you can call the numbers below, or you can visit their websites for further contact information:
    • Equifax: 1-800-465-7166;
    • TransUnion: 1-800-663-9980;
  • Continue to monitor your credit reports. Even with a fraud alert on your account, you should continue to monitor your credit reports to ensure that an imposter has not opened an account with your personal information.

A toll-free number is available for you to call us with questions and concerns about the loss of your personal information. You may call [insert toll-free number] during normal business hours with any questions you have.

We have also established a section on our website [insert link] with updated information and links to resources that offer information on what to do if your personal information has been compromised.

We take our role in safeguarding your personal information and using it in an appropriate manner very seriously. Please rest assured that we are doing everything we can to rectify the situation.

Please note that under the Privacy Act you are entitled to register a complaint with the Office of the Privacy Commissioner of Canada with regard to this breach. Complaints may be forwarded to the following:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau (Quebec)
K1A 1H3

Additional information is available on the Privacy Commissioner's website at

[Insert paragraph based on situation]

Should you have any questions regarding this notice or if you would like more information, please do not hesitate to communicate with the undersigned.


[Insert applicable name and contact information]

Page details

Date modified: