Going forward organizations should be prepared to:

1. Submit New Breach Reports:
• Organizations can use the secure online form to submit reports of new privacy breaches.
• Include any relevant documents related to the breach report.
2. Add Documents to Existing Reports:
• If an organization has already submitted a breach report and obtained a temporary tracking number or PIPEDA file number, the organization can add documents to the existing report.
3. Request Access to the Form:
• If an organization needs access to the secure online breach reporting form, a link should be requested by emailing the breach response unit at notification@priv.gc.ca.

Data inputted through the online form will be automatically sent to both the Treasury Board of Canada Secretariat (TBS) and the OPC. A copy of the report will also be sent to the reporting institution with the OPC file number.

Using the online form will ensure organizations include all the information that institutions must report under the Directive on Privacy Practices.  Organizations can still report a breach to OPC in any format, including the PIPEDA breach report form pdf, if it includes all necessary information.

Businesses and governmental entities covered by Canada’s data privacy should continue to review and update incident response plans to reflect these and other legislative changes. Staying informed of current cybersecurity threats, identifying and addressing vulnerabilities, and confirming the adequacy of administrative, technical and physical controls continues to be essential.

The Constangy Cybersecurity & Data Privacy Team assists businesses of all sizes and industries develop a comprehensive incident response plan or support with a breach. We are here to help! The Constangy Cyber Team is available 24/7. Contact us at breachresponse@constangy.com or by phone at 877-DTA-BRCH.