Commissioner's Blog

Dive into Commissioner Kosseim’s insightful blogs covering privacy, access, cyber safety, and beyond. Stay informed and explore the latest insights.

Managing privacy breaches in the public sector

News stories and alerts about data breaches are popping up on our news feeds and social media channels with increased regularity. To help Ontario’s public sector organizations manage and prevent privacy breaches, the IPC has updated its guidance.

A privacy breach occurs when personal information is collected, retained, used, disclosed, or disposed of in ways that do not comply with Ontario’s privacy laws.

The most common privacy breaches occur when unauthorized persons gain access to personal information. For example, personal information may be seized in a cyberattack, stolen from a portable device, or accessed by an employee for improper purposes.

The updated guidance provides the steps that public sector organizations should follow immediately upon learning of a privacy breach. It also outlines the IPC investigation process and practical measures organizations can implement to reduce the risk of future privacy breaches.

For organizations subject to Ontario’s health privacy law, refer to our guidance, Responding to a Health Privacy Breach: Guidelines for the Health Sector.

Media Contact

For a quick response, kindly e-mail or phone us with details of your request such as media outlet, topic, and deadline:

Email: @email
Telephone: 416-326-3965

Contact Us

Social Media

The IPC maintains channels on LinkedIn, X (formerly Twitter), YouTube and Instagram in its efforts to communicate to Ontarians and others interested in privacy, access and related issues.

Our Social Media Policy

Help us improve our website. Was this page helpful?
When information is not found

Note:

  • You will not receive a direct reply. For further enquiries, please contact us at @email
  • Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
  • For more information about this tool, please see our Privacy Policy.