Privacy breaches on campus should always be internally reported. However, on November 1, 2018 the law will change to create new legal requirements which affect parts of UPEI. In certain circumstances, UPEI will be required by law to report privacy breaches to Federal Privacy Commissioner of Canada and directly notify the people impacted by the breach.

The change was made to PIPEDA (the Personal Information Protection and Electronic Documents Act).  While these rules do not apply to the core functions of UPEI, it does apply where UPEI collects, uses, or discloses personal information in the course of true commercial activities.

To ensure compliance with our legal obligations, and to manage the situation properly, a privacy breach should be reported immediately to the Vice-President Administration and Finance, Jackie Podger. Failure to comply with the new rules could be an offence under the regulations, with a possible fine of up to $100,000.

Employees should also be aware that while this change only applies to commercial activities, UPEI is subject to a number of privacy obligations, and employees should seek guidance in any privacy breach.

If you have questions about these changes please contact the Chief Access to Information and Privacy Officer Patti Wheatley at pjwheatley@upei.ca or 902.894.2840.