Public bodies and private sector organizations may use this online form to self-report a privacy breach to the Office of the Information and Privacy Commissioner.
Public bodies are required under FIPPA to notify the OIPC and affected individuals of privacy breaches that could reasonably be expected to result in significant harm. The preferred method for public bodies to report privacy breaches is by using this form. Public bodies can also submit reports by emailing a privacy breach checklist to firstname.lastname@example.org
For more information, see Privacy breaches: tools and resources for public bodies.
NOTE FOR INDIVIDUALS: Do not use this form if you are making a complaint about the way a public body or organization has collected, used, disclosed or secured your personal information. If you believe your personal information has been lost or improperly collected, used, disclosed or accessed by a public body or organization, your first step is to file a written complaint directly to the public body or organization. If you are not satisfied with the response you receive, you may file a complaint.
Please submit this form as soon as possible. It is not necessary to complete every field, as long as you can provide us with enough information to start a file (contact information and a summary of the breach). You will be prompted to put information in each field but can input “tbd” if information is not yet known but will be provided later or “na” if no information will be provided. To use the form to provide additional information, include the term “follow-up” in the public body or organization field. Alternatively, if you have been assigned to a case review officer or investigator, you can provide them with follow-up information directly.
In the final step of this form, you can attach any relevant PDF and Word documents. Form content and attachments are encrypted in transit and in storage.
Once you submit the form, you will have the option to print a copy for your records.
Please only click the submit button once.