OIPC Logo
  • Contact Us
  • Site Map
  • Privacy Policy

Breaches

The OIPC is undertaking a review of its resources. If there is a resource from the previous website that is no longer available, please contact the office.

  • Advisory for Ransomware

    This advisory was developed to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. Published in March 2016.

  • Breach Report Form

    This form is to be used by organizations, custodians and public bodies for reporting a privacy breach to the Commissioner. Updated in August 2018.

  • Causes of Breaches and Breach Prevention Recommendations

    This document helps organizations, custodians and public bodies in understanding some causes of breaches and recommendations to prevent breaches. Published in 2012.

  • Cybersecurity from a Privacy Regulator's Perspective

    On October 27, 2016, Commissioner Jill Clayton delivered a keynote presentation at Cybera's 2016 Cyber Summit, which focused on the Internet of Things, privacy breaches, privacy education, and privacy law from a European context.

  • Data Privacy Day Op-Ed: Privacy Breaches

    On January 28, 2016, the Commissioner submitted an op-ed to the Edmonton Journal and Calgary Herald for Data Privacy Day to emphasize the importance of valuing and protecting personal information by raising awareness about privacy breaches.

  • Key Steps in Responding to Privacy Breaches

    This document outlines the four key steps in responding to privacy breaches for use by organizations, custodians or public bodies. The purpose is to provide guidance on how to manage a privacy breach. Updated in August 2018.

  • Notifying Affected Individuals

    This document is to help organizations understand their obligations when notifying individuals affected by a privacy breach. Updated in August 2018.

  • OIPC Process for Determining Whether to Require Notification

    Under PIPA, the Commissioner is required to establish an expedited process for determining whether to require an organization to notify individuals affected by a privacy breach when a real risk of significant harm to an individual is obvious and immediate. This document sets out that process. Updated in August 2018.

  • Privacy Breach Response and Reporting under HIA

    This PowerPoint presentation is to be used by health custodians or their regulatory colleges and associations to train staff or memberships on the breach reporting obligations under HIA and to provide general guidance on managing a privacy breach. Published in August 2018.

  • Reporting a Breach to the Commissioner

    This document is designed to assist organizations and custodians in meeting legislated requirements when reporting a privacy breach to the Commissioner. Public bodies are encouraged to use this document when reporting a breach to the Commissioner. Published in August 2018.

  • Securing Personal Information: A Self-Assessment Tool for Organizations

    Organizations are required under law to take reasonable steps to safeguard the personal information in its custody or control from such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. This tool was designed to help organizations determine, "How well is your organization protecting personal information?" Published in March 2012.

  • Two Years of Mandatory Breach Reporting: A Snapshot

    Following two years of the mandatory breach reporting and notification provisions under the Personal Information Protection Act, the OIPC released a report on what it has experienced since the provisions were enacted. Published in 2012.