7 Mandatory Breach Reporting Requirements and Examples — Ontario

Mark your calendars: on October 1st, 2017, Mandatory Breach Reporting Requirements kick in.

THERE ARE 7 SITUATIONS WHERE YOU MUST NOTIFY THE ONTARIO PRIVACY COMMISSIONER OF A PRIVACY BREACH

  1. Use or disclosure without authority: Looking at the records of a family member, a celebrity, or a politician out of curiosity or with malicious intent. Limited exceptions: accessing a record by mistake, or mailing a letter to the wrong address.
  2. Stolen Information: Theft or loss of a laptop, tablet, or paper records, as well as being subject to malware or ransomware.
  3. Extended Use or Disclosure: Following a reported breach, a sales company used records to market its products or services.
  4. Pattern or Similar Breaches: Letters are being sent to the wrong address, employees are repeatedly accessing a patient’s record.
  5. Disciplinary action against a college member:  A college member resigns, is suspended, or has their licenses revoked following or combined with a breach.
  6. Disciplinary action against a non-college member: Resignation, suspension, or firing of an employee following or during a breach.
  7. Significant Breach: The information is sensitive, large in volume, affects a large number of individuals, and more than one custodian or agent is involved.

Custodians will be required to start tracking privacy breach statistics as of January 1, 2018, and will be required to provide the Commissioner with an annual report of the previous calendar year’s statistics, starting in March 2019.
