March 26, 2025 – Gatineau, Quebec
Privacy Commissioner of Canada Philippe Dufresne has launched a new online tool that will help businesses and federal institutions that experience a privacy breach to assess whether the breach is likely to create a real risk of significant harm to individuals.
The privacy breach risk self-assessment tool is a convenient web-based application that guides users through a series of questions to assess the sensitivity of personal information that is involved in a data breach, and the probability that it will be misused.
The results provided through this online tool will help organizations to conduct a risk assessment following a data breach and determine their required next steps, including notifying affected individuals.
Organizations that are subject to Canada’s federal private-sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), and federal government institutions, are required to report breaches that pose a real risk of significant harm to the Office of the Privacy Commissioner of Canada and to notify affected individuals.
Real risk of significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, financial loss, identity theft, negative effects on one’s credit record, and damage or loss of property.
In determining whether there is a real risk of significant harm, organizations must consider the degree of sensitivity of the personal information involved and the probability that the information will be misused.
Privacy breaches may result from identity theft, scams, hacking or other unauthorized access, be it deliberate or accidental. Sensitive information often includes personal health and financial data.
Quote
“Privacy breaches are growing in scale, complexity and severity and can cause serious harm to the people who have been affected. This new online tool will make it easier for organizations to assess the potential impacts on individuals who have been affected, to determine what steps they need to take following a breach.”
Philippe Dufresne
Privacy Commissioner of Canada
I went to bed one night after paying the final GST payment for 2024, very happy. 2024 entirely paid off for our corporation. One week later, I got a bill from CRA GST for $399,000 with a $600 bill for interest from October, 2024 to December 2024 and a penalty for $200 for filing by paper. I called the phone number on the CRA document and it was Collections. I was bullied and harassed by the agents at collections. How could a sales amount of $30,000 get billed $399,000.00? Please tell me that. I called GST and pointed out the errors and I applied to my Member of Parliament, Julie Dabrusin for an explanation. I got no explanation except that it is under review and I have to wait several months and that my corrections are being reviewed. This is a violation of Human Rights. Please send me the internal documents that caused this.
Did this have anything to do with an actual data breach? Why are you posting this here?