Guidelines for Use of the Lists of Electors
V. Loss or Theft of the Lists of Electors
In the event of accidental or unauthorized access, disclosure or use of the lists of electors(e.g. loss of portable media containing electors' personal information), the authorized recipients should be ready to quickly and efficiently deal with this privacy breach. Each incident may require a unique approach. It is recommended that authorized recipients or the person responsible for implementing privacy safeguards take the following steps when dealing with a privacy breach:
- contain the breach and identify its source
- mitigate the harm resulting from the breach
- identify any documents that were lost or stolen and retrieve them
- document the circumstances that led to the incident
- prevent a recurrence of the event
The Treasury Board of Canada has produced Guidelines for Privacy Breaches and a Privacy Breach Management Toolkit that can be found on the Treasury Board of Canada Secretariat's website. These tools are designed specifically for government institutions, but they may nonetheless provide useful guidance for authorized recipients of lists of electors in the event of a privacy breach.
In addition, the OPC makes available a variety of materials such as general prevention and containment tips, advice specifically for preventing breaches involving portable data devices like tablets, smartphones or USB keys, and advice with respect to access controls and passwords. These documents can be found on the Office of the Privacy Commissioner of Canada's website.
Authorized recipients are encouraged to report privacy breaches to Elections Canada by contacting the Assistant Director, Access to Information and Privacy at the following coordinates:
Assistant Director, Access to Information and Privacy
30 Victoria Street