Skip to main content
All of CanadaUpdated April 2026

How to Respond to a Privacy Officer Contacting You

What to do when an organization's privacy officer reaches out, whether about a breach, an access request, or a complaint.

TL;DR

Privacy officers may contact you for many reasons. Respond in writing, keep a record, ask clear questions, and do not be pressured into withdrawing complaints or consenting to new uses. If the conversation involves a breach, request written confirmation of all protective measures offered.

Why a privacy officer might contact you

Common reasons:

  • To confirm your identity for an access or correction request.
  • To follow up on a privacy complaint you filed.
  • To notify you of a data breach affecting your information.
  • To request additional consent for a new use of your information.

Best practices

Always communicate in writing or in a way that creates a record.

Ask for clarifying details before responding substantively.

If asked to withdraw a complaint, consider the consequences carefully and ask for the request in writing with reasons.

If asked to consent to new uses, review the proposed use and ask about alternatives.

If the conversation is unproductive

You can escalate to the applicable privacy commissioner at any time. Filing a complaint does not require you to speak with the organization beyond what privacy law requires.

Related topics

Ask AI