Report a Privacy Incident
A Privacy Incident occurs when Personal Information held by the University is shared accidentally or otherwise, with anyone who should not have access to such information.
Examples of Privacy Incidents include the following:
- An email containing Personal Information is sent to the wrong recipient, internal or external to the University;
- There is a loss or theft of a device (e.g., phone or laptop) containing Personal Information;
- There is a loss of a paper document, file or other physical object containing Personal Information;
- There is a wrongful use of Personal Information inside or outside of the University.
What to do when a Privacy Incident occurs
Employees have an important role to play when a Privacy Incident occurs so that it can first be handled according to the University's Guidelines for reporting and responding to a Privacy Incident and then recorded in the Privacy Incident Register.
Privacy Incidents must be reported immediately to the employee’s supervisor and/or Privacy Ambassador. Privacy Incidents can also be reported by filling out an Incident Register form or by contacting the Privacy Officer at privacy.office@concordia.ca.
