Privacy breaches can take many forms – from someone mistakenly sending an email containing sensitive personal information to the wrong person to a hacker stealing and exploiting someone’s information for profit. All breaches involve either the theft or loss of people’s personal information or a collection, use or disclosure of that information that contravenes BC’s privacy laws, the Personal Information Protection Act (PIPA) or part 3 of the Freedom of Information and Protection of Privacy Act (FIPPA).
Privacy breaches can cause significant harm, including identity theft, risk of physical harm, humiliation and damage to personal or professional reputations, and loss of business or employment opportunities.
The OIPC offers guidance to organizations and public bodies to assist them in making key decisions after a privacy breach occurs.
Note for individuals: If you believe your personal information has been lost or improperly collected, used, disclosed or accessed by a public body or organization, your first step is to file a written complaint directly to the public body or organization. If you are not satisfied with the response you receive, you may file a complaint.
The Commissioner continues to call on government to pass legislation requiring public bodies and organizations to report breaches to the OIPC and to those people who face the real risk of significant harm from a breach. In the meantime, we strongly recommend that breaches be reported to our office as a best practice. Managing privacy breaches properly is an important step towards alleviating harms – and preventing future breaches of personal information.
Where can I learn more about managing privacy breaches?
Privacy Breaches: Tools and Resources explains the four steps organizations and public bodies should take once a privacy breach has occurred. The guidance also includes a privacy breach checklist, notification tool, and policy template.
The OIPC PrivacyRight series helps small businesses and organizations in BC understand their obligations under the PIPA through webinars, videos, and podcasts. Webinar 8 deals specifically with Managing Privacy Breaches.
Securing Personal Information: A Self-Assessment Tool for Public Bodies and Organizations is like a privacy check-up for public bodies and organizations. The comprehensive checklist provides an assessment of the safeguards they may or may not have in place for protecting the personal information they collect, use, and disclose.