Report a Privacy Breach at your Organization

For use by the following organizations reporting a theft, loss or unauthorized use or disclosure of personal information or personal health information (as applicable) to the Information and Privacy Commissioner of Ontario (IPC):

  • Health information custodians under the Personal Health Information Protection Act, 2004
  • Service providers under Part X of the Child, Youth and Family Services Act, 2017
  • Institutions under the Freedom of Information and Protection of Privacy Act or the Municipal Freedom of Information and Protection of Privacy Act

Important Note: Do not include any personal information or personal health information with this form.

The IPC recognizes that the investigation, containment, and remediation of this privacy breach may not be complete at the time this form is submitted. Please provide as much of the requested information as is presently known.

The IPC may request additional information after reviewing this form.

Date of this Report (required)
(MM/DD/YYYY)


Type of organization: (required)
Health information custodian - you are reporting a breach as required under section 12(3) of the Personal Health Information Protection Act, 2004 and Ontario Regulation 329/04 made pursuant to that actInstitution (ministry, municipality, etc.) - you are reporting a breach under the Freedom of Information and Protection of Privacy Act or the Municipal Freedom of Information or Protection of Privacy Act


Description of the privacy breach

Please describe the circumstances of the privacy breach, including

  • What happened?
  • Describe how personal information/personal health information (as applicable) came to be stolen or lost or used or disclosed without authority
  • Date (or date range) of theft(s), loss(es) or unauthorized use(s) or disclosure(s) of personal information/personal health information
  • Date privacy breach was discovered by the reporting organization
  • How this privacy breach was discovered by the reporting organization
  • Were other organizations (health information custodians/service providers/institutions) involved in this privacy breach? Please explain.
  • Describe the nature of the personal information/personal health information that was stolen or lost or used or disclosed without authority
  • The number of individuals whose personal information/personal health information was stolen or lost or used or disclosed without authority


Containment

Please describe the steps that have been taken to contain the privacy breach, the date that such steps were taken, and the outcome of these steps (including whether these steps were successful in containing the privacy breach).


Notification (required)

Were the individuals whose personal information or personal health information was stolen or lost or used or disclosed without authority notified of this privacy breach?
YesNo

If yes, on what date was notification provided?
(MM/DD/YYYY)


Investigation/Remediation

What steps have you taken to investigate this privacy breach?

What steps remain to be taken to investigate this privacy breach?

What steps have you taken to remediate and prevent a future privacy breach?

What steps remain to be taken to remediate and prevent a future privacy breach?


Attach Documents: (10MB maximum)


Submit the form:

Option 1:   Send this form now

captcha
Type in the code above (required)


Option 2:   Print the form and email to: reportabreach@ipc.on.ca or mail to:

Registrar
Information and Privacy Commissioner/Ontario
1400-2 Bloor Street East
Toronto, Ontario
M4W 1A8


What happens next? Someone from our intake team will contact you to discuss your complaint.

Find out more about managing privacy breaches.
You can also contact our office by email at info@ipc.on.ca, by phone at 416-326-3333, toll-free at 1-800-387-0073 if you have questions.

Print or Save