Privacy Breaches

A privacy breach is an information incident involving personal information about people, such as names, birthdates, social insurance numbers or client information. Information incidents occur when unwanted or unexpected events threaten privacy or information security. They can be accidental or deliberate and include the theft, loss, alteration or destruction of information.

For all information incidents, it’s important to take action as soon as possible. In the event of an information incident, follow these steps:

  1. Report
  2. Recover
  3. Remediate
  4. Prevent

The specific responsibilities of ministry employees, supervisors, service providers and the Ministry Chief Information Officer are outlined in the Information Incident Checklist (PDF).

For a more detailed description of these steps, consult the Information Incident Management Process (PDF) and the Process for Responding to Privacy Breaches (PDF).

Report

You must report the incident immediately to your supervisor. Your supervisor will ensure that senior managers and your Ministry Chief Information Officer are informed.

You or your supervisor must also immediately report the incident to the 24/7 Breach Reporting Line:

  1. Dial the Shared Services BC Service Desk at 250 387-7000 or toll-free at 1-866-660-0811
  2. Select Option 3
  3. Ask for an Information Incident Investigation

You will be contacted by investigators for further details and to provide advice on your next steps.

Recover

In consultation with the investigators, make every effort to recover the confidential or personal information to lessen the impact on the individuals involved and on government. Appropriate actions might include recovering missing records or equipment, correcting physical security flaws, or isolating the activity that led to the incident.

Remediate

Work with investigators, or others involved to determine the specifics of the incident, to resolve it and, if necessary, to notify affected individuals.

Prevent

Make any needed changes to your processes, understand your responsibilities, be diligent in the handling of confidential or personal information and be an active participant in developing a culture of prudent information management.