Managing breaches

A privacy breach occurs when personal information is collected, retained, used, disclosed, or disposed of in ways that do not comply with Ontario’s privacy laws. All public sector organizations, health information custodians, children’s aid societies and other child and family service providers should have a privacy breach response plan.

Under Ontario’s access and privacy laws, child and family service providers and health information custodians are required to report certain privacy breaches to the IPC.

What to do in case of a breach


Report a privacy breach at your organization now.

Additional Resources

Privacy Breaches: Guidelines for Public Sector Organizations

Responding to a Health Privacy Breach: Guidelines for the Health Sector

Reporting a Privacy Breach to the Information and Privacy Commissioner: Guidelines for Service Providers under Part X of the Child, Youth and Family Services Act

Reporting a Privacy Breach to the IPC: Guidelines for the Health Sector, types of breaches that need to be reported to the IPC at the first reasonable opportunity

A Guide to Privacy and Access in Ontario Schools

Review our full list of guidance documents.

This post is also available in: French