Office of the Information and Privacy Commissioner
September 18, 2015
Commissioner Releases First Quarterly Privacy Breach Notification Statistics
The new Access to Information and Protection of Privacy Act (ATIPPA, 2015) contains a number of improvements to help ensure that the personal information of citizens is collected, used and disclosed appropriately and securely by government and other public bodies. One of the new requirements in ATIPPA, 2015 is that public bodies must report any and all privacy breaches to the Commissioner. In the Report of the 2014 Statutory Review of the ATIPPA, Chair Clyde Wells wrote:
"Since relatively few data breaches from public bodies are documented, the optimal requirement would be to report all breaches to the Commissioner, who could recommend any necessary follow up, notification of the affected parties if that has not already been done, preventative measures for the future, and so on."
Mr. Wells noted the following benefits to reporting privacy breaches:
"Data breach reporting better informs and protects individuals who may be the victims. It also sensitizes the public body and its personnel to the importance of data security at all times."
The Office of the Information and Privacy Commissioner has been receiving privacy breach reports from a number of public bodies, and through our outreach efforts we are working to ensure that all public bodies understand the requirement to forward all privacy breach reports to this Office. Commissioner Ed Ring noted that:
"If we receive a report into a breach of major significance, we have the ability to launch an investigation right away and get to the bottom of what has occurred, with a view to making recommendations to help public bodies prevent similar breaches in the future. At the other end of the scale, we also value knowing about even very minor breaches, because over time we can determine if certain types of breaches are occurring repeatedly, and this can help us decide whether we need to target education efforts a certain way or conduct an audit of information handling or security practices, whatever the case may be. In every case, we have the opportunity to discuss privacy breaches with public bodies and to help them avoid making similar mistakes in the future."
Privacy Breach Reporting Statistics for June 1, 2015 to August 31, 2015:
44 privacy breaches were reported to the Commissioner under ATIPPA, 2015 for this time period.
Summary by Public Body:
| City of St. John’s | 1 |
| College of the North Atlantic | 4 |
| Department of Advanced Education and Skills | 7 |
| Department of Child, Youth and Family Services | 7 |
| Department of Justice and Public Safety | 1 |
| Department of Transportation and Works | 3 |
| Eastern Health | 1 |
| Human Resource Secretariat | 2 |
| Memorial University of Newfoundland | 4 |
| Newfoundland and Labrador English School District | 3 |
| Newfoundland and Labrador Housing Corporation | 1 |
| Office of the Child and Youth Advocate | 1 |
| Office of the Information and Privacy Commissioner | 1 |
| Royal Newfoundland Constabulary | 1 |
| Service NL | 5 |
| Workplace Health, Safety and Compensation Commission | 2 |
Summary by Breach Type:
| 12 | |
| Fax | 3 |
| Intentional | 2 |
| In Person | 5 |
| Mail Out | 19 |
| Other | 3 |
- 30 -
Media contact:
| Ed Ring
Information and Privacy Commissioner 709-729-6309 |
2015 09 18 10:20 a.m.