Policies & Guidelines

Reporting a privacy breach - complaints

If you believe that there has been a privacy breach in regards to personal information, notify the Mount Royal University Information Management & Privacy Advisor formally, in writing, by completing Section 1 of the Privacy Breach Report and submit it to the University FOIP Office located at: Kerby Hall A307 - 4825 Mount Royal Gate SW - Calgary, AB T3E 6K6.

You may also contact the University FOIP Office directly by phone (403) 440-7288, if more immediate steps are needed to be taken to contain the breach.

In Section 1 of the Privacy Breach Report summarize your concerns, including whether there has been an inappropriate collection, use, disclosure, or disposal of personal information. In addition, document the department that has the custody and control of the personal information in question, and the specific personal information that is at issue.

Mount Royal University will take immediate action to contain the breach, investigate the incident, notify those affected, and implement preventative measures through the following steps:

Step 1: Contain

  • Notify the department where the source of the breach occurred and implement containment to prevent further harm from the disclosure.
  • Recover/retrieve/destroy/shred the records containing the personal information.
  • Investigate security protocols concerning the breach and correct any immediate process weaknesses (physical, technical, administrative).
  • Review technical security protocols and limit access to key software systems where appropriate. (change passwords, access, identification numbers, or shut down system).

Step 2: Investigate

The Mount Royal University FOIP Office will commence with Section 2 of the Privacy Breach Report, which will:

  • Describe the incident and the steps taken to contain the privacy breach.
  • Evaluate level of harm.
  • Record and review all safeguards in place prior to the privacy breach.
  • Evaluate any immediate or ongoing risks concerned with personal Information in the department.
  • Document security findings related to personal information and recommendations.
  • Describe the actions required to prevent a future privacy breach (training, policies, security process, technical improvements).

Step 3: Notification

Once the Privacy Breach Report has been completed, affected individuals will be provided the results within Section 2 of the report, including the actions taken by the University.

Mount Royal University FOIP Office may also decide to report the privacy breach to the Information and Privacy Commissioner of Alberta depending on the overall evaluation of the breach and based on the following:

  • Whether the disclosed personal Information has been used to commit identity theft.
  • The sensitivity of the personal Information disclosed.
  • The severity or harm to individuals from the privacy breach.
  • The number of people affected by the breach.
  • The personal Information has not been fully recovered.

The Privacy Breach Report will outline whether the Privacy Commissioner has been notified by the University.

Step 4: Prevention - Management Review

The recommendations provided by the Privacy Breach Report within Section 2 will be presented to the Manager responsible for the respective department concerning the breach.

The Information Management & Privacy Advisor and the Manager will work together to ensure that the necessary changes are implemented so that a similar privacy breach will not occur again in the future.

Office of the Information and Privacy Commissioner of Alberta - Your Rights

The FOIP Act gives individuals who believe that their own personal information has been collected, used, or disclosed in contravention of the Act the right to ask the Alberta Information and Privacy Commissioner to review the matter.

All requests for a review must be submitted to the Commissioner, in writing, in accordance with sections 66 of the Act.

Office of the Information & Privacy Commissioner of Alberta (Calgary Office)
Suite 2460, 801 - 6th Ave SW
Calgary, Alberta
T2P 3W2
Phone: 1-888-878-4044
Email: generalinfo@oipc.ab.ca
Website: http://www.oipc.ab.ca/pages/FOIP/Concerns.aspx