What to do if You Suspect a Privacy Breach?
- Immediately upon learning of a suspected privacy breach, employees should notify their direct supervisor(s) who in turn shall notify the applicable Department Head(s).
- If you are a student and you suspect a privacy breach please contact the Department Head (i.e. Dean or Vice-President) or the Privacy Coordinator directly who will notify the Department Head.
- The Department Head(s) will notify the Privacy Coordinator. The Department Head(s) is/are responsible for notifying the Privacy Coordinator as soon as reasonably possible after discovering or being notified of the breach.
- Employees are not to initiate investigation of the breach unless specifically asked to do so by their Department Head(s).
Overview of Responsibilities
The Department Head(s) is responsible for remediating any privacy breach and mitigating against future breaches. The Privacy Coordinator is responsible for assisting Department Head(s) and for maintaining a record of all College Privacy Breaches. Roles are further described below:
College Department Head(s) are responsible for:
a) Responding to inquiries from the College Community related to concerns about personal information (PI) and/or suspected breaches for their respective department(s);
b) Notifying the Privacy Coordinator of all Privacy Breaches and suspected Privacy Breaches within their Department;
c) Working with staff in their own Department(s) to follow the steps in this procedure to enable timely reporting to the Privacy Coordinator and/or Officer;
d) Ensuring Department staff are trained on and comply with this and all required procedures; and
e) Containing Privacy Breaches and mitigating against future Privacy Breaches.
The Privacy Coordinator is responsible for:
a) Maintaining a record of all confirmed College Privacy Breaches;
b) Working with Department Head(s) to assist with responses to internal PI inquiries and concerns;
c) Providing formal notification to individuals affected by a confirmed Privacy Breach;
d) Consulting with other Departments, senior management or legal counsel, as may be necessary;
e) Notifying the IPC of Privacy Breaches, where required; and
f) Reporting Privacy Breach statistics to the IPC annually.
Please review the Privacy Breach Procedure for further information.
Questions and concerns about the Operating Procedure can be directed to the Privacy Coordinator at firstname.lastname@example.org.