Privacy breaches

Topic

23 October 2023

Privacy are usually minor and caused by human error. If you create or discover a privacy breach, the focus is on protecting the person or people whose privacy has been breached, minimising the impact where possible, and preventing further breaches, not blaming individuals. See what to do if you create or discover a privacy breach at UC.��

HOW TO APPLY

What is a privacy breach?

A privacy breach occurs when an organisation or individual either intentionally or accidentally:

Provides unauthorised or accidental access to someone's personal information
Discloses, alters, loses or destroys someone's personal information
A privacy breach also occurs when someone is unable to access their personal information due to, for example, their account being hacked

If you aren’t sure if what has happened is a breach – tell us anyway and we can confirm if it was a privacy breach or a near miss.��Contact us on��privacy@canterbury.ac.nz.

��

If the privacy breach involves sending an email to an incorrect email address, follow these steps:

Contact the service desk at��0508 824 843 or +64 3 369 5000��to see if the emails can be removed from the incorrect recipient's inbox.
Contact us at��privacy@canterbury.ac.nz��to report it, and follow the rest of the process on this page.

��

Privacy Breaches occur. They are usually minor and��most commonly caused��by human error – often sending an email to an incorrect email address.

After discovering a privacy breach, the focus is on the protection of the person or people whose privacy has been breached, minimising the impact where possible, and preventing further breaches, not blaming individuals.��

It is important to follow the below steps if you create or discover a privacy breach at UC.

Contain

Privacy breach or near miss is discovered by a��University��staff��member/student/community member.��
Do not try and manage the situation yourself.��
Inform the potential privacy breach to your line Manager (if applicable) and to the��Information and Records Management (IRM)��team via��privacy@canterbury.ac.nz. Please include as much information as possible about the situation.
If this is a system breach please also contact the helpdesk (0508 824 843 or +64 3 369 5000) to get the issue stopped immediately.

Assess

The��IRM��team will assess:

What has happened��
How it has happened
What systems��or processes��are involved
Whose��information has been affected – staff, student, third party etc.
The scale of the breach – internal/external, email, system etc.
The type of information included��e.g.��medical info, home addresses
What could be done with this information by the recipient
What can be done to retrieve or secure the personal information

They will��make a plan��for response considering the risks associated with the breach. They will include appropriate individuals and teams across the campus as needed.

Notify

The team will decide who needs to be informed about the incident. This may be��the:

Individuals affected��
Stakeholders��
Public��
Privacy Commissioner

Some breaches need to be notified to the Privacy Commissioner. This must happen for all breaches involving medical information. All breaches which meet a threshold for ‘serious harm’ must be notified. The��IRM��team will decide this in line with��the Privacy Act and��guidance from the Privacy Commission.

Prevent

A key part of responding to Privacy breaches is reporting on them. All privacy breaches are tracked internally and reported on to senior management.��Please note – no individuals will be named in the report, the reporting is about the issue and solutions, not blame.

Reviewing what happened is the last key component. A review of the incident to check if there are system or process issues which can be improved. If��so��recommendations will be made from the team.

��ӰԺ

Menu

About UC

Mō UC

Study

Ako

Life

Te Ao o UC

Research

Rangahau

News and Events

Rongo o te Wā