Reporting and Responding to Breaches

How to respond to a breach

If you become aware of a privacy breach, you should immediately take the following steps:

1. Identify and Contain

Identify the scope of the breach, then contain it by 1) retrieving any paper documents that have been disclosed inappropriately, or 2) requesting deletion and confirmation of deletion of any electronic information that was inappropriately disclosed.

2. Report

Immediately notify the Director/Manager of your department or program area, as well as the University’s Information and Privacy Archivist

3. Notify

If notification is necessary, the IPA will provide you with a template for notifying the affected parties (i.e., the person or people whose information was disclosed inappropriately).

4. Investigate

Work with the IPA to determine and record all relevant facts related to the breach, and make recommendations for how breaches may be avoided in the future.

5. Management Review

When the investigation is concluded, your department leadership team should ensure that any necessary changes are implemented, and that departmental staff are appropriately trained to prevent additional breaches.

Find out more details on the process.