Common use of Brief Clause in Contracts

Brief. Briefing senior management and, potentially, your Minister’s Office is another crucial part of internal reporting, and needs to be done at the discretion of your Coordinator, Delegated Decision-Maker and Deputy Minister’s Office. The Deputy Minister will determine if briefing your Minister’s Office is necessary. It is recommended you report any privacy breach to your Deputy Minister’s Office in the following circumstances: • There is reasonable expectation of risk of harm to the individuals whose personal information is involved in the breach. • The personal information at issue in the breach is very sensitive (e.g., personal health information). • The scope of the breach is large in terms of the number of individuals affected or the amount of personal information disclosed. • The scope of the breach is unknown and, therefore, you cannot immediately implement the steps necessary to contain it. • The breach is the result of an unlawful act and law enforcement needs to be notified. • The breach was identified to your institution by the media or the IPC. • The breach is likely to result in media coverage. When briefing your senior management or Deputy Minister’s and Minister’s Offices, include the following information: • The nature and scope of the privacy breach (e.g., how many people are affected, what type of personal information is involved, the extent to which you have contained the breach) or, if the nature and scope are not known at the time of the briefing, that they are still to be determined. • What steps you have already taken, or will be taking, to manage the privacy breach. • Your plans to notify the individuals affected by the privacy breach and, if appropriate, the IPC and other parties. • Your timetable for providing senior management with regular updates about the breach and your ongoing management of it. Depending upon the nature of the privacy breach and your institution, it may be appropriate to brief your senior management, Deputy Minister’s and Minister’s Offices early in the response process. This will enable them to know what has occurred and how you are managing the privacy breach (i.e., what actions you are taking and planning, and when they will be updated on developments). This initial briefing may need to occur before you have fully completed your investigation. Keeping senior management and the Deputy Minister’s and Minister’s Offices informed throughout the life cycle of a privacy breach will help them understand how your institution is addressing the breach and mitigating its consequences. Program Manager and Coordinator Work together to: ▪ Evaluate the circumstances of the privacy breach (outlined on pages 19 and 20) to determine its severity and scope, in consultation with Legal Services and Issues Management/Communications. ▪ Develop briefing materials, including recommendations on: - response activities to manage the breach; - notice to the individuals affected by the breach Key Players Suggested Responsibilities and the IPC; and - need to report the breach to the Deputy Minister’s Office. ▪ Brief Delegated Decision-Maker(s) responsible for protection of the personal information involved in the privacy breach, as appropriate throughout the course of your institution’s response. Coordinator If a privacy breach is to be reported to your Deputy Minister’s Office, inform the IPA. Delegated Decision- Maker (if other than the Deputy Minister) Brief senior management and, if appropriate, the Deputy Minister’s Office, as necessary. Note: The Deputy Minister will determine if briefing the Minister’s Office is necessary.

Brief. Briefing senior management and, potentially, your Minister’s Office is another crucial part of internal reporting, and needs to be done at the discretion of your Coordinator, Delegated Decision-Maker and Deputy Minister’s Office. The Deputy Minister will determine if briefing your Minister’s Office is necessary. It is recommended you report any privacy breach to your Deputy Minister’s Office in the following circumstances: •  There is reasonable expectation of risk of harm to the individuals whose personal information is involved in the breach. •  The personal information at issue in the breach is very sensitive (e.g., personal health information). •  The scope of the breach is large in terms of the number of individuals affected or the amount of personal information disclosed. •  The scope of the breach is unknown and, therefore, you cannot immediately implement the steps necessary to contain it. •  The breach is the result of an unlawful act and law enforcement needs to be notified. •  The breach was identified to your institution by the media or the IPC. •  The breach is likely to result in media coverage. When briefing your senior management or Deputy Minister’s and Minister’s Offices, include the following information: •  The nature and scope of the privacy breach (e.g., how many people are affected, what type of personal information is involved, the extent to which you have contained the breach) or, if the nature and scope are not known at the time of the briefing, that they are still to be determined. •  What steps you have already taken, or will be taking, to manage the privacy breach. •  Your plans to notify the individuals affected by the privacy breach and, if appropriate, the IPC and other parties. •  Your timetable for providing senior management with regular updates about the breach and your ongoing management of it. Depending upon the nature of the privacy breach and your institution, it may be appropriate to brief your senior management, Deputy Minister’s and Minister’s Offices early in the response process. This will enable them to know what has occurred and how you are managing the privacy breach (i.e., what actions you are taking and planning, and when they will be updated on developments). This initial briefing may need to occur before you have fully completed your investigation. Keeping senior management and the Deputy Minister’s and Minister’s Offices informed throughout the life cycle of a privacy breach will help them understand how your institution is addressing the breach and mitigating its consequences. Program Manager and Coordinator Work together to: ▪  Evaluate the circumstances of the privacy breach (outlined on pages 19 and 20) to determine its severity and scope, in consultation with Legal Services and Issues Management/Communications. ▪  Develop briefing materials, including recommendations on: - response activities to manage the breach; - notice to the individuals affected by the breach Key Players Suggested Responsibilities and the IPC; and - need to report the breach to the Deputy Minister’s Office. ▪  Brief Delegated Decision-Maker(s) responsible for protection of the personal information involved in the privacy breach, as appropriate throughout the course of your institution’s response. Coordinator If a privacy breach is to be reported to your Deputy Minister’s Office, inform the IPA. Delegated Decision- Maker (if other than the Deputy Minister) Brief senior management and, if appropriate, the Deputy Minister’s Office, as necessary. Note: The Deputy Minister will determine if briefing the Minister’s Office is necessary.