Keep a record of the breach

Instructions

Who

It is the responsibility of the institution’s privacy officials to keep a record of every privacy breach, using this tool or the institution’s version thereof.

What

This tool can be used to keep a record of privacy breaches within the institution. It can also be used to facilitate the identification of trends in the occurrence and management of privacy breaches.

When

A record of the breach can be created at any time throughout the breach management process. However, to ensure that all relevant information is captured privacy officials may need to update the record of the breach once a full assessment is completed and mitigation and prevention measures are implemented.

The institution must keep the record of the privacy breach for five years after the date the institution discovered the breach.

To identify trends in the occurrence of privacy breaches and how they are managed across the institution, a privacy official should be assigned to analyze data on breaches at a set interval (for example, monthly, quarterly, or yearly). The interval can be determined based on the number of breaches typically experienced by the institution.

How

Step 1: Download the Record-keeping and trend analysis tool.

Step 2: Assign a privacy official to record the breach, using the fields in the “Record Keeping” tab of the tool. The fields labelled “required” must be completed to ensure compliance with the directive.

Step 3: Determine an interval for the identification of trends in the occurrence and management of privacy breaches across the institution.

Step 4: Assign a privacy official to complete the analysis, using the “Trend Analysis” tab of the tool. The data elements that are included in this section are suggestions and can be modified as necessary.

Page details

Date modified: