OIPC Logo
  • Contact Us
  • Site Map
  • Privacy Policy

How to Report a Privacy Breach

Note: This page is meant for public bodies, health custodians and private sector organizations that have experienced a breach and intend to report the incident to the OIPC. For individuals who believe their privacy has been breached and may wish to file a complaint with the OIPC, please click here.

For Organizations, Public Bodies and Health Custodians

A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. Such activity is “unauthorized” if it occurs in contravention of the Freedom of Information and Protection of Privacy Act  (FOIP Act), Health Information Act (HIA) and Personal Information Protection Act (PIPA). 

For more information on responding to a breach, reporting a breach to the OIPC and notifying affected individuals about a breach check out the Breach Reporting Resources.

Although the breach reporting resources were developed for mandatory breach reporting under PIPA, they can also be used for voluntary breach reporting in the public and health sectors. The OIPC recommends breaches occurring to public bodies and health custodians be reported to the office to assist in mitigating the risks associated with breaches of personal or health information.