Respond to a privacy breach at your business

Notice

On June 18, 2015, the Digital Privacy Act received Royal Assent. The Act introduces a number of amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Among the amendments are new provisions related to breach reporting. However, the breach provisions will only come into force on a day to be fixed by order of the Governor in Council. For more information about the amendments, please see our fact sheet on the Digital Privacy Act.

A privacy breach is the loss of, unauthorized access to, or disclosure of, personal information. Breaches can happen when personal information is stolen, lost or mistakenly shared.

For businesses operating in Canada, such activity is “unauthorized” if it occurs in contravention of applicable privacy legislation, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), or similar provincial privacy legislation.

The Office of the Privacy Commissioner of Canada (OPC) has developed resources to help businesses to take appropriate steps when a breach happens.

Key Steps for Organizations in Responding to Privacy Breaches

Read guidance that businesses can use to respond appropriately when a privacy breach occurs.

Report a privacy breach at your business

Forms and information for businesses subject to PIPEDA wanting to report a breach to the OPC.

Date modified: