A privacy breach is an information incident involving personal information about people, such as names, birthdates, social insurance numbers or client information. Information incidents occur when unwanted or unexpected events threaten privacy or information security. They can be accidental or deliberate and include the theft, loss, alteration or destruction of information.
For all information incidents, it’s important to take action as soon as possible. In the event of an information incident, follow these steps:
The specific responsibilities of ministry employees, supervisors, service providers and the Ministry Chief Information Officer are outlined in the Information Incident Management Policy. For a more detailed description of steps that can be taken immediately, consult the Information Incident Checklist (PDF).
You must report the incident immediately to your supervisor. Your supervisor will ensure that senior managers and your Ministry Chief Information Officer are informed.
You or your supervisor must also immediately report the incident to the 24/7 Breach Reporting Line:
- Dial the Shared Services BC Service Desk at 250 387-7000 or toll-free at 1-866-660-0811
- Select Option 3
- Ask for an Information Incident Investigation
You will be contacted by investigators for further details and to provide advice on your next steps.
In consultation with the investigators, make every effort to recover the confidential or personal information to lessen the impact on the individuals involved and on government. Appropriate actions might include recovering missing records or equipment, correcting physical security flaws, or isolating the activity that led to the incident.
Work with investigators, or others involved to determine the specifics of the incident, to resolve it and, if necessary, to notify affected individuals.
Make any needed changes to your processes, understand your responsibilities, be diligent in the handling of confidential or personal information and be an active participant in developing a culture of prudent information management.