Incident Response and Reporting

Security and Privacy incidents need to be reported promptly to allow the issue to be investigated, contained, and resolved. Timely and accurate information is essential to ensure information owners, custodians, security and privacy officers are well informed.  Further, incident reporting helps to reduce the risk of reoccurrence.

CAC staff or any of its clients must report an event which has caused or has the potential to cause damage to CAC’s assets, damage to the CAC’s reputation, or if information has been transferred to someone who is not entitled to receive it.

Incidents include but are not limited to the following:

  • the loss or theft of data or information;
  • the transfer of sensitive or confidential information to those who are not entitled to receive that information;
  • attempts (either failed or successful) to gain unauthorized access to data or information storage or a computer system;
  • changes to information or data or system hardware, firmware, or software characteristics without knowledge, instruction, or consent;
  • unwanted disruption or denial of service to a system;
  • the unauthorized use of a system by any person

On Discovery of Security and or Privacy Incident


Contact the Security Response Team at CAC who will begin the investigation.

Fill in this form and supply us with as much detail as possible.

Costa Dafnas
Security Manager, CAC
Phone: (613) 533-6000 x78239 email:

Lucas Lapczyk
Security Engineer, CAC
Phone: (613) 483-2885  email:

The Security Response Team will begin the investigation by following our Incident and Reporting Policy to ensure the incident is contained, resolved and reported to all relevant parties.

Depending on the nature and the severity of the event the CAC Security Team may need to notify any/all of the following: