Complete a preliminary breach report

Instructions

Who

The preliminary breach report can be completed by the office of primary interest (OPI) for the program area of the federal institution where a privacy breach has been discovered to meet their obligation to notify privacy officials of potential or confirmed privacy breaches. Often the employee who first identifies the breach will be responsible for reporting it to privacy officials.

What

The report can be used to officially notify an institution’s privacy officials of a confirmed or potential breach. If there are security implications, the report can also be used to notify the institution’s security officials.

When

The report must be completed only after taking the steps necessary to contain a potential or confirmed privacy breach and secure the personal information involved.

How

Step 1:

Download the preliminary breach report:

Privacy tip

Completing the fields labelled “Required” in the preliminary breach report ensures compliance with the Directive on Privacy Practices.

Step 2:

Depending on the severity of the breach or likelihood of harm, the report may be submitted before completing all fields. However, the fields labelled “required” must be completed.

Privacy tip

Do not include personal information in this report unless it is necessary to explain the nature and sensitivity of the personal information involved. If personal information is included, be sure to label the document as “Protected B”.

Step 3:

Submit the form to the institution’s privacy officials. They’re usually located within the Access to information and privacy (ATIP) office.

Page details

Date modified: