OPC launches privacy breach risk self-assessment tool for federal institutions

March 26, 2025

Privacy Act Bulletins are intended to offer lessons learned, best practices and other important privacy news, trends and information related to privacy protection in the federal government. We encourage you to share this information with colleagues.

The Office of the Privacy Commissioner of Canada (OPC) has launched of a new online tool that will help federal institutions that experience a privacy breach to assess whether the breach is likely to create a real risk of significant harm to individuals.

The privacy breach risk self-assessment tool is a convenient web-based application that guides users through a series of questions to assess the sensitivity of personal information that is involved in a data breach, and the probability that it will be misused.

The results provided through this online tool will help institutions to conduct a risk assessment following a data breach and determine the required next steps, including notifying affected individuals and reporting the breach to the OPC and to the Treasury Board of Canada Secretariat (TBS).

Privacy breaches can cause serious harm to people who are impacted. Harms can include bodily harm, humiliation, damage to reputation or relationships, loss of employment, financial loss, identity theft, negative effects on one’s credit record, and damage or loss of property.

The federal Policy on Privacy Protection (section 4.2.12) issued by TBS requires that federal government institutions report material privacy breaches – that is those that create a real risk of significant harm – to the OPC and TBS. Federal government institutions must also notify affected individuals unless such notification would be inappropriate for security, confidentiality, legal or other reasons.

Language selection

Search and menus

Search

OPC launches privacy breach risk self-assessment tool for federal institutions

Further reading