Privacy Breaches and Complaints
While rare, a breach of personal information is a serious matter that requires an immediate response. A privacy breach occurs when personal information is accessed, collected, used, disclosed or disposed of in ways that do not comply with the provisions of the Act. The most common breach of personal privacy is the unauthorized disclosure of personal information. Such circumstances may result from the loss, removal, theft or inadvertent disclosure or disposal of personal information. This section also contains information about how to make a privacy complaint.
Procedure for Making a Privacy Complaint
If you believe the University has collected, used or disclosed your personal information in contravention of Part 3 of the Freedom of Information and Protection of Privacy Act, you have the right to complain. Please refer to the University's procedure, which outlines the steps to make a complaint and seek a satisfactory resolution.
How to Respond to a Privacy Breach
Employees need to know what immediate steps to take to respond to a privacy breach.
- Identify and Contain
Identify the scope of the breach. Contain the breach by:
- retrieving any paper documents and
- requesting deletion and confirmation of deletion of any electronic information that was inappropriately disclosed.
Immediately notify the Director/Manager of the program area and the University's Information and Privacy Officer (IPO).
Notify the affected individuals. The IPO will provide a template notification form.
Work with the IPO to determine and record all relevant facts and make recommendations.
- Management Review
When the investigation is concluded, ensure that any necessary changes are implemented and staff are appropriately educated and trained.
Please see the Privacy Breach Procedure for more detailed information.