Follow Us

Tweet Us! @MBOmbudsmanFind us on Facebook!Watch us on YouTube!

Privacy Breach Resources

What is a privacy breach?

A privacy breach occurs when there is unauthorized collection, use, disclosure or disposal of personal or personal health information. Such activity is “unauthorized” if it is not permitted by the Freedom of Information and Protection of Privacy Act (FIPPA) or the Personal Health Information Act (PHIA).

Privacy breaches can occur in various ways including when personal or personal health information about clients, patients, students or employees is stolen, lost or mistakenly disclosed.  Examples include the loss or theft of mobile devices (ex: laptops, USB sticks) or misdirected communication (ex: fax, email, mail).  

A privacy breach does not discriminate; it can happen to an organization of any size, it can affect one person or many and it can have significant consequences for the individuals affected, including identity theft, physical or mental harm, a damaged reputation, embarrassment, and loss of employment.

Responding to a Privacy Breach

Our practice note Key Steps in Responding to Privacy Breaches under FIPPA and PHIA is intended to assist public bodies and trustees in managing a privacy breach. It provides guidance on the four key steps in responding to a breach:

Our practice note Privacy Breach Notification Letter Checklist provides guidance on notifying affected individuals.

Reporting a Privacy Breach to Manitoba Ombudsman

FIPPA and PHIA do not require public bodies and trustees to report privacy breaches to our office. We encourage the voluntary reporting of breaches where there may be risk of harm to affected individuals (for example, physical harm, identity theft or harm to reputation).

For public bodies and trustees who wish to report a breach to our office, please use the Privacy Breach Reporting Form: