The OIPC is undertaking a review of its resources. If there is a resource from the previous website that is no longer available, please contact the office.
This advisory was developed to assist senior leaders and employees in all sectors who are regularly subject to phishing incidents, based on breach reports the OIPC receives. The advisory defines phishing, describes how phishing is executed, outlines what to watch for to prevent phishing incidents, gives examples of safeguards to help mitigate the risks of phishing, and provides an overview of what to do if and when a breach occurs. Published in May 2019.
This advisory was developed to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. Published in March 2016.
This advisory was published in response to an increase in reported breaches involving cloud storage containers, or "web buckets", that are unintentionally exposed publicly online, typically through misconfigured properties or settings. The advisory is for organizations in the public, health and private sectors, and outlines what web buckets are, how web buckets are exposed, and privacy and security considerations for protecting personal or health information stored in web buckets. Published in October 2020.
This document outlines the four key steps in responding to privacy breaches for use by organizations, custodians or public bodies. The purpose is to provide guidance on how to manage a privacy breach. Updated in August 2018.
This document is to help organizations understand their obligations when notifying individuals affected by a privacy breach. Updated in August 2018.
Under PIPA, the Commissioner is required to establish an expedited process for determining whether to require an organization to notify individuals affected by a privacy breach when a real risk of significant harm to an individual is obvious and immediate. This document sets out that process. Updated in August 2018.
This PowerPoint presentation is to be used by health custodians or their regulatory colleges and associations to train staff or memberships on the breach reporting obligations under HIA and to provide general guidance on managing a privacy breach. Published in August 2018.
This document is designed to assist organizations and custodians in meeting legislated requirements when reporting a privacy breach to the Commissioner. Public bodies are encouraged to use this document when reporting a breach to the Commissioner. Published in August 2018.
Public bodies and organizations are required under law to take reasonable steps to safeguard the personal information in their custody or control from such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. This tool is designed to help public bodies and organizations determine how well they are protecting personal information. Updated in October 2020.
Following two years of the mandatory breach reporting and notification provisions under the Personal Information Protection Act, the OIPC released a report on what it has experienced since the provisions were enacted. Published in 2012.
Copyright 2022 OIPC. All rights reserved.