What to do when you receive a privacy breach notification

Each year, the number of data breaches continues to climb, affecting more and more people. Breaches increase the risk that you could fall victim to identity theft or a financial loss if your personal information is compromised.

There are steps you can take to protect yourself if your personal information is affected by a breach that could cause a real risk of significant harm.

In such cases, businesses holding your personal information must notify you of the breach. They should:

• Contact you as soon as possible
• Tell you about the personal information that was compromised
• Explain what the organization has done to reduce any risk of harm to you
• Provide advice on what you can do to reduce your risk

What to do

• Read the notice carefully
• Keep the notice in a safe place
• Change your passwords (See our tips on passwords)
• Monitor your accounts
• Consider subscribing to credit alerts or ordering a credit report
• Stay vigilant as fraudsters may wait before trying to steal your information
• If you have questions about the communication you received, contact the organization.
• Information about who to contact with questions should be included on the breach notification. You can also check the organization’s privacy policy to find out who to contact. The person responsible for privacy issues at organizations is often called a privacy officer.

See our advice on raising a concern with a business and on responding to identity theft for more information.