How to Respond to a Privacy Officer Contacting You
What to do when an organization's privacy officer reaches out, whether about a breach, an access request, or a complaint.
TL;DR
Privacy officers may contact you for many reasons. Respond in writing, keep a record, ask clear questions, and do not be pressured into withdrawing complaints or consenting to new uses. If the conversation involves a breach, request written confirmation of all protective measures offered.
Why a privacy officer might contact you
Common reasons:
To confirm your identity for an access or correction request.
To follow up on a privacy complaint you filed.
To notify you of a data breach affecting your information.
To request additional consent for a new use of your information.
Best practices
Always communicate in writing or in a way that creates a record.
Ask for clarifying details before responding substantively.
If asked to withdraw a complaint, consider the consequences carefully and ask for the request in writing with reasons.
If asked to consent to new uses, review the proposed use and ask about alternatives.
If the conversation is unproductive
You can escalate to the applicable privacy commissioner at any time. Filing a complaint does not require you to speak with the organization beyond what privacy law requires.