MENU
Responding to a privacy breach - Departments
Mount Royal University Departments need to take the following steps below in the event of a privacy breach within their area.
Responding to a privacy breach - guide
Step 1: Contain
Make reasonable efforts to immediately contain the breach to prevent further harm to the individual(s) the information is about.
Step 2: Investigate
Once the breach is contained, and if you haven't already, inform the Privacy Office. The Privacy Office will determine if the breach is substantiated, then investigate the cause of the breach and the associated risks to the individual(s) the information is about.
Step 3: Notification
Contact the University Access and Privacy Office directly by phone (403) 440-7288 or email (foip@mtroyal.ca) to commence the privacy breach response process.
Notification needs to be sent to the affected individual(s) as quickly as possible to protect them from further harm.
In accordance with the POPA, notification must contain specific information based on the findings of the initial investigation, so that those concerned are well informed and are able to take the appropriate measures to protect themselves.
Depending on the sensitivity of the personal information involved other communication methods may be utilized in order to expedite the notification process.
Step 4: Prevention (Management Review)
After the privacy breach has been contained and the affected individuals have been notified of possible harm, the Manager of the Department will work with the University Access and Privacy Office to implement prevention measures within the area.