Privacy Breach or Information Loss Reporting

Report a privacy breach

Any polytechnic student, employee, or member of the public can report a privacy breach to Lethbridge Polytechnic. Any polytechnic employee who becomes aware that an information loss or privacy breach has occurred must take immediate action.

  1. Complete the Privacy Breach or Information Loss Reporting Form immediately.
  2. Contain and mitigate the breach. If you can take any immediate steps to contain or mitigate the breach, do so.
  3. Cooperate with the Privacy Breach Team.

What happens after I report?

After receiving the form, the Privacy Breach Team will contact you. The Privacy Breach Team might need to collect more information, take steps to mitigate the incident, and report the incident to affected individuals, the Minister and the Office of the Information and Privacy Commissioner of Alberta if it meets the legal standard for Real Risk of Significant Harm (RROSH).

What is a privacy breach?

A privacy breach occurs when an individual's personal information, or data derived from personal information, is accessed, used, or disclosed without their consent, typically in violation of privacy laws or regulations. These breaches can happen in various ways, and they often lead to the unauthorized sharing or exposure of sensitive data.

  • Hacking, phishing, or other cybercrime attacks that access personal information
  • Personal information collected in error
  • Personal information used or disclosed for a purpose that is NOT consistent with the purpose for which it was collected
  • Stolen or misplaced files, laptops, thumb drives, etc.
  • Unauthorized access to personal information
  • Accidental or deliberate disclosure of personal information, including in email or other electronic communications

What is an information loss incident?

An information loss incident is similar to a privacy breach but involves sensitive business information of the polytechnic or a third party (such as a vendor or contractor). This may include:

  • Confidential business information of the polytechnic or a third party
  • Information that, if disclosed, would harm the business interests of the polytechnic or a third party

What are the consequences of a privacy breach or information loss incident?

  • Financial Loss: Victims may suffer from fraud or theft of funds.
  • Legal Penalties: The Protection of Privacy Act includes significant fines for organizations and individuals that fail to protect personal information.
  • Reputation Damage: The polytechnic could lose the trust of the community and suffer damage to our reputation.
  • Personal Harm: Individuals may experience identity theft, harassment or emotional distress.

Questions about Privacy Breaches can be directed to Privacy@lethpolytech.ca.