University Secretariat

Privacy Breach Protocol

What is a privacy breach?

A privacy breach is an incident involving the unauthorized collection, use or disclosure of personal information. Unauthorized disclosures of personal information are the most common sources of privacy breaches and can occur when personal information is lost, stolen or inadvertently disclosed through human error.

Circumstances that could lead to a privacy breach include:

What is personal information?

 "Personal Information" is defined as recorded information about an identifiable individual. An individual's personal information includes information regarding his or her race, gender, home address, medical history, education history, identifying numbers (e.g. SIN, employee number, student number, etc.), financial or employment information, personal opinions, completed assignments and exams, and grades, comments and evaluations provided by an instructor.

What to do if a privacy breach occurs?

The University has a responsibility to protect personal information in its custody or control from unauthorized access or disclosure.  Upon discovery of a privacy breach, or suspected breach, the incident must be reported immediately to the relevant unit head (e.g., Dean’s Office) and to Western’s Information and Privacy Office. Decisions on how to respond to a suspected or confirmed privacy breach will be made on a case-by-case basis.

INFORM -

Contact Western’s Information and Privacy Office (Ext. 84541 or 84543)

Contact your Dean, Chair or Supervisor

CONTAIN -

Take steps to stop or minimize breach, where possible

Western's Information and Privacy Coordinator will work with the unit to ensure that the breach is contained, other relevant units are notified (e.g. ITS, OOR, CCPS), a full investigation is undertaken as appropriate, and steps are taken to prevent future breaches.

The following information, if known, will be helpful when reporting a breach:

Do not delay reporting a breach even if some of this information is not available.


Spring, 2008; Rev. 05/09