Data Breaches – Notification Procedure

In the event of a data breach we have developed a reporting procedure to inform affected staff, faculty and students and to maintain compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Digital Protection Act (DPA).

Should a breach occur, Yorkville University shall enact the following:

  • Direct notifications shall be sent to all individuals whom are confirmed, or suspected, as impacted by the breach.
    • Notifications will be sent by email to all email addresses registered for each individual on our systems.
    • In the event that the registered email address(es) for an individual are unreachable we will attempt contact by phone and/or postal mail.
  • Depending on the depth and severity of the breach the details may also be reported to other entities:
    • The Privacy Commissioner of Canada, as prescribed by the DPA
    • Third party vendors, partners and associates of the institution
  • In accordance with the DPA, Yorkville University shall retain all related systems, investigatory and notification data on a breach for a period of 24 months.

Breach of Security Safeguards Regulations: SOR/2018-64
March 28, 2018
http://www.gazette.gc.ca/rp-pr/p2/2018/2018-04-18/html/sor-dors64-eng.html

Order Fixing November 1, 2018 as the Day on which Certain Provisions of the Act Come into Force: SI/2018-32
April 18, 2018
http://www.gazette.gc.ca/rp-pr/p2/2018/2018-04-18/html/si-tr32-eng.html