Preventing and Managing Breaches

Public institutions governed by the Freedom of Information and Protection of Privacy Act and Municipal Freedom of Information and Protection of Privacy Act should adopt proactive measures to prevent a privacy breach from occurring.


If faced with a privacy breach, there are two priorities that must be addressed immediately:

  1. Containment: Identify the scope of the potential breach and take the steps necessary to contain it
  2. Notification: Affected individuals must be notified as soon as possible



Once the breach is contained and the affected parties are notified, you must conduct an internal investigation. Do the following in quick succession:

  • review containment measures taken
  • determine whether the breach was effectively contained
  • ensure individuals were notified
  • review circumstances of breach
  • review adequacy of policies and procedures
  • develop recommendations to prevent future breaches
  • implement recommendations


Review our full list of guidance documents.

For information on health privacy breaches: