Report a privacy breach at your business

Organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) are required to:

• report to the Privacy Commissioner of Canada breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals,
• notify affected individuals about those breaches, and
• keep records of all breaches.

To learn more about obligations for businesses when a breach of security safeguards happens, see our guidance on what you need to know about mandatory reporting of breaches of security safeguards.

Submit your privacy breach report online

Organizations should use our secure online breach reporting form to:

• Submit reports of new privacy breaches as well as any documents relevant to the breach report

Note: If you have completed a privacy breach risk self-assessment, you can include the results (in PDF format) with your breach report

• Add documents to existing breach reports when you are following up with further information and already have a temporary tracking number or PIPEDA file number

Other ways to report a breach

Organizations can report a breach to the OPC in any format provided that the submission captures all the necessary information. Organizations can also use our PIPEDA breach report form (PDF format).

Submitting your completed PDF form

Submit your completed breach report (in PDF format) using the online breach reporting form.

1. On the Request a link to submit a breach report screen, enter your email address and select the Submit button.
2. You will receive an email from nepasrepondre-noreply@priv.gc.ca containing a unique link to access the PIPEDA breach report form. Select the Access the OPC’s secure breach reporting form link.
3. On the PIPEDA breach report screen, select New submission and then select Next.
4. On the New submission screen, select Upload a completed breach report form.
5. On the Submitter Information screen, enter your email and name and then select Next.
6. On the Upload breach report and supplementary information screen, upload your report and related documents. Select Next.
7. On the Download a copy of the breach report screen, save a copy of the breach report information you have entered and select Preview.
8. Review the information you have entered and make any edits required. If you make changes, save a new copy of your report, and then select the Submit button to submit the breach report.