March 14, 2013
INSTRUCTIONS FROM THE PRIVY COUNCIL OFFICE(OFFICE FOR THE COORDINATION OF PARLIAMENTARY RETURNS)TO ORGANIZATIONS WITH RESPECT TO WRITTEN QUESTIONQ-1217
2013 -Mr. Angus
With respect to data, infonnation or privacybreaches at government departments, institutions and agencies, for each year from 2002 to 2012:
how manybreaches have occurred in total, broken down by (i) department, institution
agency, (ii) the number
breaches identified in
how many have been reported to the Office
Privacy Commissioner, broken down
(i) department, institution
agency, (ii) the number ofindividuals affected
the breach; and (c) how many breaches are known to have led to crùninal activity such as :fraud
identity theft,broken down
department, institution or agency?
ALL DEPARTMENTS AND AGENCIES
Organizations must obtain the information from their Access to Information and Privacy(ATIP) Coordinator and their Departmental Security Officer (DSO),· and any other arearesponsible for compiling information regarding breaches.Once the information iscompiled organizations are reminded to apply the principles of the
to ensure th at the information contained
the rresponse can be disclosed. ·
Organizations are required to enumerate each breach by fiscal year and include otherrequested information
the attached template.
Data. information or privacy breach: involves improper or unauthorized collection, use,disclosure, retention and/or disposai of protected persona! and/or classified informationincluding hard copies and electronic data.
Guidelines for Privacy Breaches: http://www.tbs-sct.gc.ca/pol/doceng.aspx?id=26154§ion=text
Persona/Information Protection and Electronic Documents Act