Preliminary Report

Privacy Breach Management Tools

Protected B (when completed)

Report date:


  1. Upon discovery of an actual or suspected privacy breach that involves personal information, the Office of Primary Interest (OPI) must contain the breach and report it in accordance with name of department policy.
  2. A copy of this preliminary report must be forwarded to the name of appropriate office or group.
  3. The department name Chief Privacy Officer or delegate, name, will liaise with the appropriate supervisor or other designated individual and with Security, as appropriate, and report the breach to the Access to Information and Privacy (ATIP) Office.

(Please print)

A. Period of time over which the breach took place

  1. Date(s) of breach:
  2. Time of breach:
  3. Location of breach:
  4. When and how was the breach discovered?
  5. Provide a brief description of the breach (what happened, how it happened, etc.):
  6. Identify the person whose information was compromised (name and PRI, if applicable). If information regarding more than one person was compromised, please attach a list:
  7. Is/are the affected individual(s) aware of the breach?
    • Yes
    • No
    Whether yes or no, request direction from the Chief Privacy Office or the ATIP Office.
  8. Format of information involved:
    • Electronic records
    • Paper records
    • Other (describe):
  9. What information was involved (check all that apply):
    • Personal Information Banks (PIBs)
    • Medical
    • Dental
    • Psycho-social
    • Other (describe):
  10. List the immediate containment actions and/or interventions, if any (also complete the Office of Primary Interest (OPI) Preliminary Assessment and Containment form):
  11. Is there information or evidence to support the allegation of the breach? If yes, please specify:
  12. Has a supervisor or other delegated individual been notified of the breach?
    • Yes
    • No

B. Please name the person(s) directly involved in this breach (witnesses, investigator, individual who may have caused the breach, victims, etc.). Attach a list if necessary.

  1. Name
    Contact information:
  2. How was this person involved?
  3. Name
    Contact information:
  4. How was this person involved?

C. Follow-up required

  1. The OPI has determined that this breach has been addressed internally, with no follow-up required.
    Breach closed:
  2. ATIP:
    Breach closed:

Report completed by (name and title):

Contact information:

  • Telephone:
  • Email:

Privacy Act statement: Personal information collected on this form is under the authority of the (Name of Act). The information is collected to report and investigate privacy and security breaches, and to ensure that vulnerabilities are identified and the risk of future occurrences is reduced. The information you provide is protected under the Privacy Act. Information on this form will be used, disclosed and retained in accordance with the conditions listed in Personal Information Bank Security Incidents and Privacy Breaches (PSU 939). Instructions for obtaining this information are outlined in the government publication Info Source.

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: