Report a Data Breach in Kelowna - City Guidance

Technology and Data British Columbia 3 Minutes Read · published May 26, 2026 Flag of British Columbia

Kelowna, British Columbia organisations and residents must follow clear steps when a data breach is suspected or confirmed. This guide explains immediate containment, internal reporting to the City of Kelowna Access to Information & Protection of Privacy office, legal oversight under the Freedom of Information and Protection of Privacy Act (FOIPPA), and when to seek review from the provincial privacy regulator. Use the quick action steps below to stabilise systems, preserve evidence, notify the correct office, and document all actions.[1][2]

Penalties & Enforcement

Monetary fines for municipal data breaches are not specified on the City of Kelowna page or the FOIPPA consolidation page; see citations below.[1][2] Enforcement and remedies are primarily administrative: the Citys Access to Information & Protection of Privacy (ATIPP) office handles internal reports and mitigation; the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC) provides external review and can investigate complaints and order corrective steps. Criminal prosecution or statutory fines are not detailed on the cited municipal page and are not specified on the FOIPPA consolidation page cited here.

  • Enforcer: City of Kelowna, Access to Information & Protection of Privacy office (internal handling).
  • Oversight: Office of the Information and Privacy Commissioner for British Columbia (complaint and review powers).
  • Orders and remedies: administrative orders and required corrective actions (details depend on OIPC findings; specific sanctions not specified on the cited pages).
  • Appeals/review: complaints to OIPC BC; time limits for filing are not specified on the cited City page.
Preserve logs and evidence immediately to support any internal or regulator review.

Applications & Forms

The City of Kelowna publishes ATIPP contact information and access request forms; there is no separately published "data breach" submission form on the City page cited here. To report a breach internally, use the ATIPP contact methods listed on the City website or follow the internal incident response procedure for your department.[1]

Immediate steps to report a breach

  • Contain systems: disconnect compromised endpoints and stop ongoing exfiltration.
  • Preserve evidence: export logs, preserve timestamps, and record chain of custody for files.
  • Notify your supervisor and IT/security team immediately.
  • Report to City ATIPP office with a written summary, affected records, and mitigation steps; follow City contact instructions.[1]
  • If the breach affects personal information held by a public body and concerns remain, consider filing a complaint with the OIPC BC for review (see resources).
Act quickly to limit harm and make a defensible record of every action.

Common violations and typical outcomes

  • Lost or stolen devices containing personal records: internal investigation and remedial orders by ATIPP; monetary penalties not specified on the cited pages.
  • Unauthorised access or disclosure: possible OIPC review and binding corrective orders.
  • Poor data handling practices: corrective steps, staff retraining, and revised procedures ordered by oversight bodies.

FAQ

Who do I notify first after discovering a breach?
Notify your supervisor and IT/security team immediately, then report the incident to the City of Kelowna Access to Information & Protection of Privacy office using the contact methods on the City website.[1]
Do I have to notify affected individuals?
Notification requirements depend on the nature and sensitivity of the information and applicable legal obligations; specific notice thresholds are not specified on the City page cited here, so follow City ATIPP guidance and OIPC BC recommendations as applicable.
Are there set fines for data breaches?
Monetary fines for municipal breaches are not specified on the City of Kelowna page or the FOIPPA consolidation page cited here; enforcement focuses on administrative orders and oversight review.[1][2]

How-To

  1. Confirm the incident and immediately isolate affected systems to stop further data loss.
  2. Document the incident: capture logs, list affected records, note times, and preserve evidence.
  3. Inform internal leadership and IT/security, and follow your organisations incident response plan.
  4. Report the breach to the City of Kelowna ATIPP office with a written summary, list of affected personal information, mitigation steps taken, and contact for follow-up.[1]
  5. If concerns remain after internal handling, file a complaint with the Office of the Information and Privacy Commissioner for British Columbia for external review.
  6. Maintain records of all notices, remediation, and communications for at least the period recommended by City retention policies.

Key Takeaways

  • Act immediately to contain breaches and preserve evidence.
  • Report to the City of Kelowna ATIPP office and consider OIPC BC review if needed.

Help and Support / Resources

  1. [1] City of Kelowna Access to Information & Protection of Privacy
  2. [2] Freedom of Information and Protection of Privacy Act (FOIPPA) - B.C.

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data