Introduction: How should I respond to a privacy breach?

A short video explaining your legal obligations after a breach happens. This video complements our guidelines on mandatory breach requirements.

Narrator: If you’re watching this video series, you might be asking the question,

How should I respond to a privacy breach?

Narrator: how should I respond to a privacy breach that has taken place at my business?

Narrator: Unfortunately, businesses and organizations of all sizes can be affected by breaches.

Narrator: It’s therefore important to understand your legal obligations after a breach happens, as well as how Canada’s federal private sector privacy law applies to you.

The Personal Information Protection and Electronic Documents Act


Narrator: The Personal Information Protection and Electronic Documents Act, or PIPEDA, outlines a number of actions you’ll need to take following a breach.

Narrator: These include notifying the Office of the Privacy Commissioner of Canada, OPC,

Narrator: and affected individuals about privacy breaches,

Breach records

Narrator: and keeping records of all these breaches.

Narrator: It is an offense to knowingly contravene these requirements,

Narrator: and there can be financial penalties for not meeting your legal obligations.

Narrator: The law defines a privacy breach as the loss of, unauthorized access to, or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards.

Narrator: In this video series, you will learn about:

Narrator: Real risk of significant harm to individuals,

Narrator: Your obligations for reporting privacy breaches,

Narrator: How to submit a privacy breach report to the OPC,

Narrator: When and how to notify people, and other organizations,

Narrator: and keeping records of every privacy breach.

Narrator: When there’s a privacy breach, it’s always a serious concern.

Narrator: It means that the personal information involving one or more individuals could be at risk.

Narrator: Handling breaches effectively can help to preserve or restore confidence and trust in your business.

Narrator: First you’ll need to assess if a breach at your business needs to be reported to the OPC,

Narrator: and to notify the affected individuals.

Narrator: You must report a breach of any personal information under your control to the OPC,

Narrator: if it is reasonable to believe that the breach of security safeguards creates a real risk of significant harm to an individual.

Narrator: Whether a breach of security safeguards affects one person,

Narrator: or a thousand people, you need to report it if there is a real risk of significant harm resulting from the breach.

Narrator: Dealing with breaches transparently is not just about following the law.

Narrator: It sends a message to your customers and clients, staff or others, that even during challenging times, you take their interests to heart.

