You must have JavaScript enabled to use this form. For use by the following organizations reporting a theft, loss or unauthorized use or disclosure (or unauthorized collection by means of the EHR) of personal information or personal health information (as applicable) to the Information and Privacy Commissioner of Ontario (IPC):Health information custodians and coroners under the Personal Health Information Protection Act, 2004Institutions under the Freedom of Information and Protection of Privacy Act or the Municipal Freedom of Information and Protection of Privacy ActChild and family service providers under the Child, Youth and Family Services Act, 2017Important Note: Do not include any personal information or personal health information with this form.The IPC recognizes that the investigation, containment, and remediation of this privacy breach may not be complete at the time this form is submitted. Please provide as much of the requested information as is presently known.The IPC may request additional information after reviewing this form. Date of this Report (required) Type of organization: (required) Health information custodian - you are reporting a breach as required under subsection 12(3) or clause 55.5(7)(b) of the Personal Health Information Protection Act, 2004 and Ontario Regulation 329/04 made pursuant to that act Coroner - you are reporting a breach as required under subsection 18.10(1) or clause 18.10(4)(b) of Ontario Regulation 329/04 Institution (ministry, municipality, etc.) - you are reporting a breach under the Freedom of Information and Protection of Privacy Act or the Municipal Freedom of Information and Protection of Privacy Act Child and family service provider - you are reporting a breach under the Child, Youth and Family Services Act, 2017 Name of reporting organization: (required) Address of reporting organization: (required) The first and last name of individual submitting on behalf of reporting organization: (required) Phone number: (required) Email address: (required) Description of the privacy breach Please describe the circumstances of the privacy breach, includingWhat happened?Describe how personal information/personal health information (as applicable) came to be stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR)Date (or date range) of theft(s), loss(es) or unauthorized use(s) or disclosure(s) (or unauthorized collection(s) by means of the EHR) of personal information /personal health informationDate privacy breach was discovered by the reporting organizationHow this privacy breach was discovered by the reporting organizationWere other organizations (health information custodians/service providers/institutions) involved in this privacy breach? Please explain.Describe the nature of the personal information /personal health information that was stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR)The number of individuals whose personal information /personal health information was stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR) Containment Please describe the steps that have been taken to contain the privacy breach, the date that such steps were taken, and the outcome of these steps (including whether these steps were successful in containing the privacy breach). Notification (required) Were the individuals whose personal information or personal health information was stolen or lost or used or disclosed (or collected without authority by means of the EHR) without authority notified of this privacy breach? Yes No If yes, on what date was notification provided? Investigation/Remediation What steps have you taken to investigate this privacy breach? What steps remain to be taken to investigate this privacy breach? What steps have you taken to remediate and prevent a future privacy breach? What steps remain to be taken to remediate and prevent a future privacy breach? Attach documents Unlimited number of files can be uploaded to this field.100 MB limit.Allowed types: gif, jpg, png, bmp, eps, tif, pict, psd, txt, rtf, html, odf, pdf, doc, docx, ppt, pptx, xls, xlsx, xml, avi, mov, mp3, ogg, wav, bz2, dmg, gz, jar, rar, sit, svg, tar, zip. Option 1: Send this now Option 2: Print the form and email to: @email or mail to:RegistrarInformation and Privacy Commissioner of Ontario1400-2 Bloor Street EastToronto, OntarioM4W 1A8 What happens next? Someone from our intake team will contact you to discuss your breach report.Find out more about managing privacy breaches.You can also contact our office by email at @email, by phone at 416-326-3333, toll-free at 1-800-387-0073 if you have questions. Leave this field blank
You must have JavaScript enabled to use this form. For use by the following organizations reporting a theft, loss or unauthorized use or disclosure (or unauthorized collection by means of the EHR) of personal information or personal health information (as applicable) to the Information and Privacy Commissioner of Ontario (IPC):Health information custodians and coroners under the Personal Health Information Protection Act, 2004Institutions under the Freedom of Information and Protection of Privacy Act or the Municipal Freedom of Information and Protection of Privacy ActChild and family service providers under the Child, Youth and Family Services Act, 2017Important Note: Do not include any personal information or personal health information with this form.The IPC recognizes that the investigation, containment, and remediation of this privacy breach may not be complete at the time this form is submitted. Please provide as much of the requested information as is presently known.The IPC may request additional information after reviewing this form. Date of this Report (required) Type of organization: (required) Health information custodian - you are reporting a breach as required under subsection 12(3) or clause 55.5(7)(b) of the Personal Health Information Protection Act, 2004 and Ontario Regulation 329/04 made pursuant to that act Coroner - you are reporting a breach as required under subsection 18.10(1) or clause 18.10(4)(b) of Ontario Regulation 329/04 Institution (ministry, municipality, etc.) - you are reporting a breach under the Freedom of Information and Protection of Privacy Act or the Municipal Freedom of Information and Protection of Privacy Act Child and family service provider - you are reporting a breach under the Child, Youth and Family Services Act, 2017 Name of reporting organization: (required) Address of reporting organization: (required) The first and last name of individual submitting on behalf of reporting organization: (required) Phone number: (required) Email address: (required) Description of the privacy breach Please describe the circumstances of the privacy breach, includingWhat happened?Describe how personal information/personal health information (as applicable) came to be stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR)Date (or date range) of theft(s), loss(es) or unauthorized use(s) or disclosure(s) (or unauthorized collection(s) by means of the EHR) of personal information /personal health informationDate privacy breach was discovered by the reporting organizationHow this privacy breach was discovered by the reporting organizationWere other organizations (health information custodians/service providers/institutions) involved in this privacy breach? Please explain.Describe the nature of the personal information /personal health information that was stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR)The number of individuals whose personal information /personal health information was stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR) Containment Please describe the steps that have been taken to contain the privacy breach, the date that such steps were taken, and the outcome of these steps (including whether these steps were successful in containing the privacy breach). Notification (required) Were the individuals whose personal information or personal health information was stolen or lost or used or disclosed (or collected without authority by means of the EHR) without authority notified of this privacy breach? Yes No If yes, on what date was notification provided? Investigation/Remediation What steps have you taken to investigate this privacy breach? What steps remain to be taken to investigate this privacy breach? What steps have you taken to remediate and prevent a future privacy breach? What steps remain to be taken to remediate and prevent a future privacy breach? Attach documents Unlimited number of files can be uploaded to this field.100 MB limit.Allowed types: gif, jpg, png, bmp, eps, tif, pict, psd, txt, rtf, html, odf, pdf, doc, docx, ppt, pptx, xls, xlsx, xml, avi, mov, mp3, ogg, wav, bz2, dmg, gz, jar, rar, sit, svg, tar, zip. Option 1: Send this now Option 2: Print the form and email to: @email or mail to:RegistrarInformation and Privacy Commissioner of Ontario1400-2 Bloor Street EastToronto, OntarioM4W 1A8 What happens next? Someone from our intake team will contact you to discuss your breach report.Find out more about managing privacy breaches.You can also contact our office by email at @email, by phone at 416-326-3333, toll-free at 1-800-387-0073 if you have questions. Leave this field blank
