- Records Management
- Digital preservation
Reporting and Responding to Breaches
How to respond to a breach
If you become aware of a privacy breach, you should immediately take the following steps:
1. Identify and Contain
Identify the scope of the breach, then contain it by 1) retrieving any paper documents that have been disclosed inappropriately, or 2) requesting deletion and confirmation of deletion of any electronic information that was inappropriately disclosed.
Immediately notify the Director/Manager of your department or program area, as well as the University’s Information and Privacy Archivist
If notification is necessary, the IPA will provide you with a template for notifying the affected parties (i.e., the person or people whose information was disclosed inappropriately).
Work with the IPA to determine and record all relevant facts related to the breach, and make recommendations for how breaches may be avoided in the future.
5. Management Review
When the investigation is concluded, your department leadership team should ensure that any necessary changes are implemented, and that departmental staff are appropriately trained to prevent additional breaches.
Find out more details on the process.