Report a privacy breach at your business


On June 18, 2015, the Digital Privacy Act received Royal Assent. The Act introduces a number of amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Among the amendments are new provisions related to breach reporting. However, the breach provisions will only come into force on a day to be fixed by order of the Governor in Council. For more information about the amendments, please see our fact sheet on the Digital Privacy Act.

When an organization doing business in Canada experiences a privacy breach, it should evaluate the situation and decide the most appropriate response. Depending on the situation, the business may choose to report the breach to the Office of the Privacy Commissioner of Canada (OPC).

For more information about how to respond to a breach and when breach reporting is appropriate, see our guide titled Key Steps for Organizations in Responding to Privacy Breaches.

Organizations that choose to report a privacy breach to the OPC can use the form on this page to notify our Office. Please see the form for more information, including how to submit a breach report.

You can view this form in:

  • RTF format: This form can be opened in most text editors including MS Word or WordPerfect. You might need to save the form on your computer before completing.
  • PDF format: You might need to save the form on your computer before completing.

The purpose of the incident report form is to assist organizations in notifying OPC of any material breaches.

For more information, or to discuss a potential breach report, please call one of our Breach Response Officers at (819) 994-5444 or Toll-free: 1-800-282-1376.

Date modified: