What is a privacy breach?
A privacy breach is a collection, use, disclosure, access, disposal, or storage of personal information, whether accidental or deliberate, that is not authorized by the Freedom of Information and Protection of Privacy Act (FIPPA). Personal information means recorded information about an identifiable individual other than business contact information.
A privacy breach is a type of information incident. Information incidents occur when unwanted or unexpected events threaten privacy or information security. They can be accidental or deliberate and include the theft, loss, alteration or destruction of information.
All UFV staff, faculty, administrators, contractors and volunteers must report suspected privacy breaches to their supervisor/manager and the Office of General Counsel.
After reporting a privacy breach, what steps should I follow?
| Action | Position responsible | |
|---|---|---|
| 1 | Report the privacy breach immediately to supervisor/manager and the Office of GeneraL Counsel. | Unit/department where breach occurred or was identified |
| 2 |
Contain the privacy breach and limit its impact by:
|
Office of General Counsel and other relevant units/departments |
| 3 |
Assessment The Office of General counsel will conduct a review of the circumstances that gave rise to the breach. The review will include: assessing the risks, identifying the cause and extent of the breach, identifying the personal information involved in the breach. |
Office of General Counsel |
| 4 |
Notification
|
Office of General Counsel and other relevant units/departments |
| 5 |
Prevention Implement measures to prevent recurrences of similar incidents. |
Office of General Counsel and unit/department manager |