Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 273 Best Practice Steps for Breaches If you have discovered a privacy breach at your organization, contact your organization’s Privacy Officer immediately. Record all pertinent information related to the discovery of the breach. If the Commissioner becomes involved, the focus will be on whether the government institution handled the breach sufficiently in accordance with the four best practice steps outlined in this section. If the Commissioner issues an Investigation Report, it will address each of these four best practice steps outlined below and how the government institution addressed each step. For more on the Commissioner’s procedures when investigating a privacy breach see, The Rules of Procedure at Part 4. If you have been tasked with dealing with the privacy breach, consider the following four best practice steps: • Contain the breach • Notify affected individuals. • Investigate the breach. • Prevent future breaches. Contain the breach It is important to contain the breach immediately. In other words, ensure that personal information is no longer at risk. This may involve: • Stopping the unauthorized practice. • Recovering the records. • Shutting down the system that was breached. • Revoking access to personal information. • Correcting weaknesses in physical security.
RkJQdWJsaXNoZXIy MTgwMjYzOA==