Effective May 24, 2024, the Office of the Privacy Commissioner of Canada (OPC) has introduced a new online PIPEDA breach reporting form for federal institutions and businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).
Going forward organizations should be prepared to:
- Submit New Breach Reports:
- Organizations can use the secure online form to submit reports of new privacy breaches.
- Include any relevant documents related to the breach report.
- Add Documents to Existing Reports:
- If an organization has already submitted a breach report and obtained a temporary tracking number or PIPEDA file number, the organization can add documents to the existing report.
- Request Access to the Form:
- If an organization needs access to the secure online breach reporting form, a link should be requested by emailing the breach response unit at notification@priv.gc.ca.
Data inputted through the online form will be automatically sent to both the Treasury Board of Canada Secretariat (TBS) and the OPC. A copy of the report will also be sent to the reporting institution with the OPC file number.
Using the online form will ensure organizations include all the information that institutions must report under the Directive on Privacy Practices. Organizations can still report a breach to OPC in any format, including the PIPEDA breach report form pdf, if it includes all necessary information.
Businesses and governmental entities covered by Canada’s data privacy should continue to review and update incident response plans to reflect these and other legislative changes. Staying informed of current cybersecurity threats, identifying and addressing vulnerabilities, and confirming the adequacy of administrative, technical and physical controls continues to be essential.