Report a privacy breach at your organization
A privacy breach is the loss of, unauthorized access to, or disclosure of, personal information. Breaches can happen when personal information is stolen, lost or mistakenly shared.
Federal institutions subject to the Privacy Act or businesses subject to the Personal Information Protection and Electronics Document Act (PIPEDA) may be required to report a privacy breach to the Office of the Privacy Commissioner of Canada (OPC), depending on the situation and their obligations under the applicable law.
Our Office only accepts breach reports directly from the organizations subject to the Privacy Act or PIPEDA. However, individuals affected by a breach and wanting to bring concerns about a breach to our attention can contact our Information Centre for more details or visit our Report a Concern page to access information about bringing privacy issues to the OPC’s attention.
For more information about responding to privacy breaches, see our Privacy breaches topic page, which features guidance such as:
- Treasury Board’s Directive on Privacy Practices, Appendix B: Mandatory Procedures for Privacy Breaches (for federal institutions)
- What you need to know about mandatory reporting of breaches of security safeguards (for businesses subject to PIPEDA)
If you would like to engage with our Office about a privacy breach that has occurred, choose the relevant option below.
Forms and information for businesses subject to PIPEDA to report a breach to the OPC.
Guidelines, reporting forms
- Date modified: