Privacy Breaches and Complaints

While rare, a breach of personal information is a serious matter that requires an immediate response. A privacy breach occurs when personal information is accessed, collected, used, disclosed or disposed of in ways that do not comply with the provisions of the Act. The most common breach of personal privacy is the unauthorized disclosure of personal information. Such circumstances may result from the loss, removal, theft or inadvertent disclosure or disposal of personal information. This section also contains information about how to make a privacy complaint.

Procedure for Making a Privacy Complaint

If you believe the University has collected, used or disclosed your personal information in contravention of Part 3 of the Freedom of Information and Protection of Privacy Act, you have the right to complain. Please refer to the University's procedure, which outlines the steps to make a complaint and seek a satisfactory resolution.

Making a Privacy Complaint

This document lists the steps in processing a privacy complaint.

How to Respond to a Privacy Breach

Employees need to know what immediate steps to take to respond to a privacy breach.

  1. Identify and Contain
    Identify the scope of the breach. Contain the breach by:
    1. retrieving any paper documents and
    2. requesting deletion and confirmation of deletion of any electronic information that was inappropriately disclosed.

  2. Report
    Immediately notify the Director/Manager of the program area and the University's Information and Privacy Officer (IPO).

  3. Notify
    Notify the affected individuals. The IPO will provide a template notification form.

  4. Investigate
    Work with the IPO to determine and record all relevant facts and make recommendations.

  5. Management Review
    When the investigation is concluded, ensure that any necessary changes are implemented and staff are appropriately educated and trained.

Please see the Privacy Breach Procedure for more detailed information.

Privacy Breach PDF Form

Complete and email the online form to privacy@sfu.ca when a privacy breach is discovered.