The privacy breach management toolkit
To report a material privacy breach, privacy officials must use the Office of the Privacy Commissioner of Canada’s Online Breach Reporting Form or the accessible pdf Privacy Act Material Breach Report form.
For full functionality of the accessible pdf Privacy Act Material Breach Report form, the form must be downloaded and opened in Adobe Acrobat, Foxit PDF Editor, or Kofax Power PDF with java script enabled. Trying to edit this form before saving it locally and enabling java script will result in important form functions being unavailable.
Do not edit the pdf form within Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox or other browsers.
About the Toolkit
The Policy on Privacy Protection requires federal institutions to have plans in place to respond to privacy breaches. These plans must:
- address privacy breaches that affect any personal information under the control of the institution, including information held by a third party as part of a contract, agreement, or arrangement with the institution
- include roles and responsibilities for managing a privacy breach
- align with security requirements
- meet the requirements of Appendix B: Mandatory Procedures for Privacy Breaches of the Directive on Privacy Practices
The toolkit provides non-mandatory guidance to institutions to support the management and prevention of privacy breaches. Although the toolkit contains four phases, there will be overlap during the breach management process. Privacy officials are encouraged to download and adapt the tools as necessary to meet the specific needs of their institutions.
Related links
Page details
- Date modified: