Responding to a privacy breach
What is a privacy breach?
A privacy breach occurs when Ontario’s Personal Health Information Protection Act (PHIPA) has been contravened, for example, where personal health information is stolen or lost, or is used or disclosed without authority.
PHIPA requires that, as a health information custodian (custodian), you must take reasonable steps to ensure that personal health information in your custody or control is protected against theft, loss, and unauthorized use and disclosure, and that the records containing the information are protected against unauthorized copying, modification or disposal. You must also take reasonable steps to ensure that personal health information is not collected without authority, and that records of personal health information are retained, transferred and disposed of in a secure manner.
As a custodian, you may become aware of a privacy breach in a number of ways, including:
- during the normal course of business
- when an individual makes a complaint to you
- through notification from the IPC when a formal complaint has been filed with our office
- when the IPC initiates its own investigation