What if there’s a privacy breach?

July 2019

A short video describes what your business can do if it experiences a privacy breach. This video complements our Guidelines on Mandatory Breach Requirements.


What if there’s a privacy breach?

Text appears on screen: What if there’s a privacy breach?

[In the background there is a photo of a male worker wearing an apron. In the foreground an image of a person in a trench coat and hat appears. The person is looking at a computer. The following text appears:]

  • Hackers steal personal information from a company

[A new image appears of a USB key. The following text appears:]

  • An employee loses a flash drive that contains customer data

[A new image appears of a person running. The person is carrying a sack. There is an icon of a person in the sack. The following text appears:]

  • A disgruntled ex-employee walks off with customer information

[A new image appears of a square package labeled with arrows pointing up and an icon representing a person. The following text appears:]

  • A package that contains personal information is mailed to the wrong person

[A new image appears of three envelopes that enter the screen from the left. The following text appears:]

  • A mass email is sent out with everybody’s email address in the “to” section rather than the “bcc” section

Narrator: Even if you comply with the ten privacy principles and use the highest safeguards, breaches can and do happen. The actions you take to address privacy breaches if or when they occur can make all the difference for your business.

[An image of a small business appears, and a line goes around it, making a circle. Breaks appear in the circle. An icon representing a person pops out of the small business through a break in the circle.]

Narrator: The law requires you to:

  • Report to the Privacy Commissioner’s office any breach of security safeguards which creates a real risk of significant harm.

[An image of a small business appears, then the logo of the Office of the Privacy Commissioner. A checkmark appears between the two images.]

Narrator:

  • Notify affected customers of any breach of that nature.

[The logo of the Office of the Privacy Commissioner moves up to the top right side of the screen. An icon representing a person appears next to the small business. A checkmark appears between the two images.]

Narrator:

  • Notify organizations that may be able to reduce the risk of harm or mitigate the harm that could result from the breach.

[The icon representing a person moves up to the top right side of the screen, under the other image. An image of an office tower appears, with a shield in front of it, next to the small business. A checkmark appears between the two images.]

Narrator:

  • Keep records of all breaches for at least two years.

[The image of the office tower with a shield moves to the top right side of the screen, under the other images. A folder appears next to the small business. A checkmark appears between the two images. Then the folder moves up to the right side of the screen under the other images.]

Narrator:

Significant harm means

  • Bodily harm

[An image appears of a person with their arm in a sling.]

Narrator:

  • Humiliation, damage to reputation or relationships

[An image appears next to the first one, of a broken heart.]

Narrator:

  • Loss of employment, business or professional opportunities

[An image appears next to the second one, of a briefcase crossed out.]

Narrator:

  • Financial loss, identity theft, impacts on credit, or

[An image appears next to the third one, of a dollar sign, crossed out.]

Narrator:

  • Damage to or loss of property

[An image appears next to the fourth one, of a house, crossed out.]

Narrator: Breach reports to the OPC should:

[The logo of the Office of the Privacy Commissioner appears on screen with each of the following items next to it in a checklist:]

  • Describe the circumstances of the breach, when it happened and, if known, the cause
  • List the personal information that was breached
  • Specify the number of individuals affected
  • Explain what steps the company has taken to reduce the risk of harm to affected customers

Text appears on screen: You can read more about responding to a privacy breach in the Privacy Guide for Businesses as well as the OPC’s guidance for responding to a privacy breach at your business.


Questions? Comments? Contact our Office at 1-800-282-1376.
