Managing privacy breaches in the public sector

News stories and alerts about data breaches are popping up on our news feeds and social media channels with increased regularity. To help Ontario’s public sector organizations manage and prevent privacy breaches, the IPC has updated its guidance.

A privacy breach occurs when personal information is collected, retained, used, disclosed, or disposed of in ways that do not comply with Ontario’s privacy laws.

The most common privacy breaches occur when unauthorized persons gain access to personal information. For example, personal information may be seized in a cyberattack, stolen from a portable device, or accessed by an employee for improper purposes.

The updated guidance provides the steps that public sector organizations should follow immediately upon learning of a privacy breach. It also outlines the IPC investigation process and practical measures organizations can implement to reduce the risk of future privacy breaches.

For organizations subject to Ontario’s health privacy law, refer to our guidance, Responding to a Health Privacy Breach: Guidelines for the Health Sector.

Media Contact

For a quick response, kindly e-mail or phone us with details of your request such as media outlet, topic, and deadline:
Telephone: 416-326-3965

Social Media

The IPC maintains channels on Twitter, YouTube and Linkedin in its efforts to communicate to Ontarians and others interested in privacy, access and related issues.