Privacy breach response

A privacy breach is any unauthorized collection, use, alteration, disclosure, loss, or destruction of personal health information, whether the cause is accidental or deliberate.

Breaches are serious violations: they are potential grounds for prosecution under the Act and may result in significant employment consequences for the employees involved.

How do we manage breaches? 

  • Have a detailed and established policy and process in place with roles, responsibilities and response time standards. Ensure all staff handling personal information and using information systems know these procedures well. 
  • Contain the breach: as required, shut down the affected system, revoke access privileges or halt the activity involved, and make reasonable efforts to retrieve information that was released or lost. Preserve the logs and other records needed to investigate the cause.
  • Evaluate the severity based on the nature and volume of the information involved, the potential harm to the individuals it concerns, and who may have had unauthorized access to it.
  • Report identified breaches as quickly as possible to the AUArts FOIP Coordinator, who will direct the response and, if necessary, notify the regulator and the individuals affected.
  • Assist the FOIP Coordinator and others involved in the response in investigating the cause of the breach. 
  • Recommend and implement measures and practices to prevent or mitigate harm from similar breaches in the future. This includes employee education and a determination of whether employees violated privacy and security policy and, as a result, could face sanctions.