Overview 1. What is a privacy breach? 2. Examples of privacy breaches 3. Consequences of privacy breaches 4. Steps to handling a privacy breach 1. What is a Privacy Breach? A privacy breach occurs when there is unauthorized access, collection, use disclosure or disposal of personal information. 2. Examples of Privacy Breaches • Revealing the name of an applicant on an Access to Information Request • Sending personal information to the wrong: – Fax number – Mailing address – Email • Accessing personal information improperly 2. Examples of Privacy Breaches • Nova Scotia (April 2016) – Spa owner had similar fax number to mental health referral line – Went to CBC after receiving dozens of referral notices containing patient name, phone number and notes on mental health – Records were received over a ten year time period 2. Examples of Privacy Breaches • Eastern Health (March 2016) – Clerk caught snooping in patient files, ‘no longer employed’ at Eastern Health • Fines (2014) – Nurse at Eastern Health fined $1,000 for inappropriately accessing patient files – Accounting Clerk at Western Health fined $5,000 for accessing files 3. Consequences of Privacy Breaches • Less trust in organization • Risk of embarrassment to individuals • Risk of identity theft or financial loss (SIN and Credit Card) 4. How to Handle a Privacy Breach • • • • Step 1 – Contain the Breach Step 2 – Evaluate the Risks Step 3 – Notify Step 4 - Prevent 4. How to Handle a Privacy Breach Step 1 – Contain the Breach – Take steps to limit the breach • Eg. If you realize you sent an email to the wrong person, call the person and ask them to delete it 4. How to Handle a Privacy Breach Step 2 – Evaluate the Risks • Determine what information was breached and how • What are the risks? – Sensitivity of information – Number of people affected – Risk of identity theft, financial loss 4. How to Handle a Privacy Breach Step 3 – Notification • Required to notify individuals if there is a risk of significant harm. • Notify ATIPP Office and Privacy Commissioner’s office of any privacy breaches 4. How to Handle a Privacy Breach Step 4 – Prevent • How can similar breaches be prevented? Contact • For more information contact the ATIPP Office at 729-7073 or toll free at Tel: (877) 895-8891 or email atippoffice@gov.nl.ca • Privacy Breach reporting forms available at: http://www.oipc.nl.ca/pdfs/PrivacyBrea chIncidentReportForm.pdf