Document. Documenting the details of a privacy breach and your containment activity allows you to implement the correct remedial measures, respond to an investigation by the IPC, and evaluate your institution’s response. Such an evaluation is an important part of privacy management. Staff Document what happened (e.g., staff disclosed personal information without authority, intruder, third party service provider alert, equipment containing personal information lost or stolen, etc.), when, how breach was discovered, and what corrective action was taken. If breach identified by external source (e.g., individual, other institution, or third party service provider), document information provided, including contact information for follow-up, and any instructions given to reporting party (e.g., asking caller to mail back documents sent to wrong address). Immediately report breach to Manager. Program Manager Ensure details of breach and corrective action are appropriately documented. Third Party Service Provider Document what happened (e.g., staff disclose personal information without authority, intruder, equipment containing personal information lost or stolen, etc.), when, how breach was discovered, and what corrective action was taken. Fulfill contractual obligations.
Appears in 2 contracts
Sources: Transfer Payment Agreement, Transfer Payment Agreement