We use cookies on this site to enhance your experience.
By selecting “Accept” and continuing to use this website, you consent to the use of cookies.
Privacy Breach Protocol
The University takes its obligation to protect the personal information in its care seriously. Through training and education, the University stresses to all ³Ô¹ÏÍø employees their responsibility to ensure personal information is kept confidential and secure.
In the event of a privacy breach, the following protocol will be followed:
STEP 1: IMMEDIATELY IMPLEMENT THE PRIVACY BREACH PROTOCOL
Any employee who believes or suspects a privacy breach has occurred must inform the University’s Privacy Office immediately.
The Privacy Office will then determine who else at the University should be involved in addressing the breach. This could include staff from Information and Communication Technologies, External Relations, Finance, or other areas.
STEP 2: STOP AND CONTAIN THE BREACH
University staff will work to identify the scope of the breach and take the necessary steps to contain it. This may include retrieving and securing any information that may have been disclosed, temporarily suspending access to the site, account, or system, and/or ensuring no copies of the information have been made or retained by the individual who was not authorized to receive the information.
STEP 3: NOTIFY THOSE AFFECTED BY THE BREACH
University staff will identify all individuals affected by the incident and notify them of the breach at the first reasonable opportunity. When providing this notification, the individual will be informed of what personal information was disclosed or accessed, the manner in which the breach occurred, and their right to file a formal privacy complaint with the Office of the Information and Privacy Commissioner of Ontario. Contact information for the unit where the breach occurred and the University’s Privacy Office will also be provided.
STEP 4: INVESTIGATION AND REMEDIATION
The University’s Privacy Office will conduct an internal investigation into the circumstances of the breach. This will include ensuring the breach has been appropriately contained and proper notification has been made, identifying how the breach occurred, reviewing existing policies and procedures and determining if these were followed, advising on changes to existing processes or the development of new policies or procedures to address the cause of the breach, and ensuring all staff are appropriately trained with respect to privacy compliance.
Depending on the nature of the breach, the University may notify the Office of the Information and Privacy Commissioner of Ontario of the incident and work with that office to determine what additional remedial actions should be taken and to assist the University preventing future similar occurrences.
For more information, contact the Privacy Office at privacy@wlu.ca or visit wlu.ca/privacy