Preventing and managing breaches

Public sector institutions and health information custodians should adopt proactive measures to prevent a privacy breach from occurring.

Containment and notification

If faced with a privacy breach, there are two priorities that must be addressed immediately:

  1. Containment: Identify the scope of the potential breach and take the steps necessary to contain it
  2. Notification: Affected individuals must be notified as soon as possible


Investigate and remediate

Once the breach is contained and the affected parties are notified, you must conduct an internal investigation. Do the following in quick succession:

  • review containment measures taken
  • determine whether the breach was effectively contained
  • ensure individuals were notified
  • review circumstances of breach
  • review adequacy of policies and procedures
  • develop recommendations to prevent future breaches
  • implement recommendations


Report a privacy breach.

Review our full list of guidance documents.