Responding to a privacy breach - business units
Mount Royal University business units need to take the following steps below in the event of a privacy breach within their area.
Responding to a privacy breach - guide
Step 1: Contain
Make every effort to immediately contain the breach to prevent further harm to the individual(s) the information is about.
Step 2: Investigate
Once the breach is contained, investigate the cause of the breach and the associated risks to the individual(s) the information is about.
Step 3: Notification
Contact the University FOIP Office directly by phone (403) 440-7288 or email (foip@mtroyal.ca) to commence the notification letter process.
Notification needs to be sent to the affected individual(s) as quickly as possible to protect them from further harm.
In accordance with FOIP, notification must contain specific information based on the findings of the initial investigation, so that those concerned are well informed and are able to take the appropriate measures to protect themselves.
Depending on the sensitivity of the personal information involved other communication methods may be utilized in order to expedite the notification process.
Step 4: Prevention (Management Review)
After the privacy breach has been contained and the affected individuals have been notified of possible harm, the Manager of the business unit will work with the University FOIP Office to implement prevention measures within the area.