Privacy Breach Protocol

Version Date: Sept. 2022

STEP 1: IMPLEMENT PRIVACY BREACH PROTOCOL

Notify all relevant staff of the breach, including Chief Privacy Officer.
Develop and execute a plan designed to contain the breach and notify those affected.

STEP 2: NOTIFY THE POLICE IF REQUIRED

Determine if the nature of the breach requires engagement by law enforcement.
If law enforcement is required, determine the jurisdiction responsible and report the breach at the first reasonable opportunity, either online or by mail.

STEP 3: STOP AND CONTAIN THE BREACH

Identify the scope of the breach and take the necessary steps to contain it, including:

Retrieve and secure any personal information that has been disclosed.
Ensure that no copies of the personal information have been made or retained by the individual who was not authorized to receive the information. The contact information of impacted users should be obtained, in the event that follow-up is required.
Determine whether the privacy breach would allow unauthorized access to any other personal information (e.g. an electronic information system) and take necessary steps, such as changing passwords, identification numbers and/or temporarily shutting the system down.

STEP 4: NOTIFY THOSE AFFECTED BY THE BREACH

Take the necessary steps to notify those individuals whose privacy was breached, including:

Identify all affected individuals and notify them of the breach at the first reasonable opportunity.
When notifying individuals affected by a breach:

Provide details of the breach to affected individuals, including the extent of the breach and what personal information was involved.
Advise all affected individuals of the steps that you are taking to address the breach, and that they are entitled to make a complaint to the Police. If you have reported the breach to the Police, advise them of this fact.
Provide contact information for someone within your organization who can provide additional information, assistance, and answer questions.

STEP 5: INVESTIGATION AND REMEDIATION

Conduct an internal investigation, including:

Ensure that the immediate requirements of containment and notification have been met.
Review the circumstances surrounding the breach.
Review the adequacy of your existing policies and procedures in protecting personal information.

Ensure all staff are appropriately educated and trained with respect to compliance with the privacy protection.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

AI & Machine Learning