Each data breach and each incident must be dealt with on a case-by-case basis, as each case varies. An assessment of the circumstances and risks is made to decide the appropriate course of action.
The following steps may be taken by the Response Team (as appropriate):
- Immediately contain the breach (if this has not already occurred). Corrective action may include: retrieval or recovery of the personal information, ceasing unauthorised access, shutting down or isolating the affected system.
- Evaluate the risks associated with the breach, including collecting and documenting all available evidence of the breach.
- Call upon the expertise of, or consult with, relevant staff in the particular circumstances.
- Engage an independent cyber security expert, if deemed necessary.
- Assess whether serious harm is likely (with reference to the guidelines set by the Privacy Commissioner of Canada).
- Notify affected customers and the Privacy Commissioner if the breach constitutes a ‘real risk of significant harm’ to those who are potentially impacted.
- Consider developing a communication or media strategy including the timing, content and method of any announcements to customers and media.
The Response Team must undertake its assessment within 48 hours of being notified.