Policies & Guidelines

Responding to a privacy breach - business units

Mount Royal University business units need to take the following steps below in the event of a privacy breach within their area.

Responding to a privacy breach - guide

Step 1: Contain

Make very effort to immediately contain the breach to prevent further harm to the individual(s) the information is about.

Step 2: Investigate

Once the breach is contained, investigate the cause of the breach and the associated risks to the individual(s) the information is about.

Step 3: Notification

Contact the University FOIP Office directly by phone (403) 440-7288 to commence the notification letter process.

Notification needs to be sent to the affected individual(s) as quickly as possible to protect them from further harm.

In accordance with FOIP, notification must contain specific information based on the findings of the initial investigation, so that those concerned are well informed and are able to take the appropriate measures to protect themselves.

Depending of the sensitivity of the personal information involved other communication methods may be utilized in order to expedite the notification process.

Step 4: Prevention (Management Review)

After the privacy breach has been contained and the affected individuals have been notified of possible harm, the Manager of the business unit will work with the University FOIP Office to implement prevention measures within the area.