Preventing and Managing Breaches

Public institutions governed by the Freedom of Information and Protection of Privacy Act and Municipal Freedom of Information and Protection of Privacy Act should adopt proactive measures to prevent a privacy breach from occurring.


CONTAINMENT AND NOTIFICATION

If faced with a privacy breach, there are two priorities that must be addressed immediately:

  1. Containment: Identify the scope of the potential breach and take the steps necessary to contain it.
  2. Notification: Affected individuals must be notified as soon as possible.

 

INVESTIGATE AND REMEDIATE

Once the breach is contained and the affected parties are notified, you must conduct an internal investigation. Do the following in quick succession:

  • review the containment measures taken
  • determine whether the breach was effectively contained
  • ensure that individuals have been notified
  • review the circumstances of the breach
  • review the adequacy of policies and procedures
  • develop recommendations to prevent future breaches
  • implement the recommendations

 

Review our full list of guidance documents.

For information on health privacy breaches: