The privacy breach management toolkit

To report a material privacy breach, privacy officials must use the Office of the Privacy Commissioner of Canada’s Material Breach Reporting Portal (under development) or the accessible Privacy Act Material Breach Report form.

About the Toolkit

The Policy on Privacy Protection requires federal institutions to have plans in place to respond to privacy breaches. These plans must:

  • address privacy breaches that affect any personal information under the control of the institution, including information held by a third party as part of a contract, agreement, or arrangement with the institution
  • include roles and responsibilities for managing a privacy breach
  • align with security requirements
  • meet the requirements of Appendix B: Mandatory Procedures for Privacy Breaches of the Directive on Privacy Practices

The toolkit provides non-mandatory guidance to institutions to support the management and prevention of privacy breaches. Although the toolkit contains four phases, there will be overlap during the breach management process. Privacy officials are encouraged to download and adapt the tools as necessary to meet the specific needs of their institutions.

Related links

Page details

Date modified: