Respond to a privacy breach at your business
On June 18, 2015, the Digital Privacy Act received Royal Assent. The Act introduces a number of amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Among the amendments are new provisions related to breach reporting. However, the breach provisions will only come into force on a day to be fixed by order of the Governor in Council. For more information about the amendments, please see our fact sheet on the Digital Privacy Act.
A privacy breach is the loss of, unauthorized access to, or disclosure of, personal information. Breaches can happen when personal information is stolen, lost or mistakenly shared.
For businesses operating in Canada, such activity is “unauthorized” if it occurs in contravention of applicable privacy legislation, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), or similar provincial privacy legislation.
The Office of the Privacy Commissioner of Canada (OPC) has developed resources to help businesses to take appropriate steps when a breach happens.
Read guidance that businesses can use to respond appropriately when a privacy breach occurs.
Forms and information for businesses subject to PIPEDA wanting to report a breach to the OPC.
- Date modified: