Report a privacy breach at your business


On June 18, 2015, the Digital Privacy Act received Royal Assent. The Act introduced a number of amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Among the amendments were new provisions related to breach reporting, which will come into force on November 1st, 2018. The new Breach of Security Safeguards Regulations published in the Canada Gazette on April 18, 2018 will also come into force on November 1st, along with the related statutory requirements.

When an organization doing business in Canada experiences a privacy breach, it should evaluate the situation and decide the most appropriate response. Depending on the situation, the business may choose to report the breach to the Office of the Privacy Commissioner of Canada (OPC).

For more information about how to respond to a breach and when breach reporting is appropriate, see our tips titled Tips for containing and reducing the risks of a privacy breach.

Organizations that choose to report a privacy breach to the OPC can use the form on this page to notify our Office. Please see the form for more information, including how to submit a breach report.

You can view this form in:

  • RTF format: This form can be opened in most text editors including MS Word or WordPerfect. You might need to save the form on your computer before completing.
  • PDF format: You might need to save the form on your computer before completing.

The purpose of the incident report form is to assist organizations in notifying OPC of any material breaches.

For more information, or to discuss a potential breach report, please call one of our Breach Response Officers at (819) 994-5444 or Toll-free: 1-800-282-1376.

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.


Date modified: