Privacy Breach Management Process
Privacy Breach Management Tools
| Breach Impact | DSO | Program Manager | Director | Director General | ADM | DM | Minister’s Office | OPC and TBS |
|---|---|---|---|---|---|---|---|---|
| Low | Must be informed | Must be informed | Must be informed | May be informed | May be informed | May be informed | May be informed | May be informed |
| Medium | Must be informed | Must be informed | Must be informed | Must be informed | May be informed | May be informed | May be informed | May be informed |
| High | Must be informed | Must be informed | Must be informed | Must be informed | Must be informed | Must be informed | Must be informed | Must be informed |
| Severe | Must be informed | Must be informed | Must be informed | Must be informed | Must be informed | Must be informed | Must be informed | Must be informed |
| Forms of Notification | Privacy Breach Report to ATIP |
Privacy Breach Report to ATIP |
Privacy Breach Report to ATIP, OPC and TBS |
Privacy Breach Report to ATIP, OPC and TBS Briefing note |
Privacy Breach Report to ATIP, OPC and TBS Briefing note |
Privacy Breach Report to ATIP, OPC and TBS Briefing note |
Privacy Breach Report to ATIP, OPC and TBS Briefing note |
Privacy Breach Report to ATIP, OPC and TBS. ATIP provides verbal notification, follow-up email; and formal report. |
Corrective Measures
(See Step 4 of Mitigation and Prevention)
Corrective measures may be taken by the program manager in conjunction with Labour Relations. Corrective measures may include the following:
- Disciplinary reprimand (oral or written)
- Training, education and awareness sessions
- Coaching and/or mentoring
- Revocation of certain privileges and/or access to system or records
- Revocation of security clearance
- Suspension
- Termination of employment
- Review of internal procedures
- Review of departmental policies
- Reassignment of employee (transfer or deployment)
Note: For internal use only. This Privacy Breach Management Process works in alignment with Step 2 of the ATIP Privacy Breach Risk Impact Instrument. Consult with OPI to determine which officials should be notified of a privacy breach.
Report a problem or mistake on this page
- Date modified: