Data Breaches – Notification Procedure
In the event of a data breach we have developed a reporting procedure to inform affected staff, faculty and students and to maintain compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Digital Protection Act (DPA).
Should a breach occur, Yorkville University shall enact the following:
- Direct notifications shall be sent to all individuals whom are confirmed, or suspected, as impacted by the breach.
- Notifications will be sent by email to all email addresses registered for each individual on our systems.
- In the event that the registered email address(es) for an individual are unreachable we will attempt contact by phone and/or postal mail.
- Depending on the depth and severity of the breach the details may also be reported to other entities:
- The Privacy Commissioner of Canada, as prescribed by the DPA
- Third party vendors, partners and associates of the institution
- In accordance with the DPA, Yorkville University shall retain all related systems, investigatory and notification data on a breach for a period of 24 months.
Breach of Security Safeguards Regulations: SOR/2018-64
March 28, 2018
Order Fixing November 1, 2018 as the Day on which Certain Provisions of the Act Come into Force: SI/2018-32
April 18, 2018