The incident detail panel — overview facts, lifecycle, discovery and root cause, the Contained shield, and the live notifications obligations checklist
Last updated: July 12, 2026 by Steve
Incident Details
The incident detail panel is a full-screen workspace where privacy officers and ATIP staff document what happened, decide who has to be told, and prove the obligations were met on time. The header carries the incident number, type, status chip, priority, elapsed-days and date-occurred metrics, and a Discussion button; a green Contained shield with its date appears once containment is confirmed. Editing requires the incident-manage permission. Closed incidents are read-only until reopened, and reopening asks for a mandatory reason that is written to the activity log. Work is organized into a row of tabs.
The Tabs
| Tab | What it is for |
|---|---|
| Overview | Lifecycle rail, description/cause/subject, affected and notified counts, PI categories, harm types, discovery source, derived risk-of-harm band, key dates, root cause and lessons, hours, and owners |
| Containment | Measures taken to stop or limit the breach, plus the incident-level containment-confirmed toggle |
| Assessment | The risk-of-harm register (RROSH) that drives the notification calculator |
| Notifications | The live obligations checklist — who must be told and by when |
| Remediation | Corrective and preventive actions to stop recurrence |
| Review | The configurable sign-off workflow |
| Documents | Evidence files attached to the incident |
| Activity | The full audit timeline |
Containment and remediation both open the shared measure panel — see Incident Measures.
(screenshot placeholder — capture: the Overview tab with the lifecycle rail, description/cause block, affected and notified counts, discovery source, and the sidebar status/key-dates/owners cards)
The Overview Tab
The description block edits as one section — click the pencil, then Save or Discard. On the Overview tab you can record:
- Title, Description, Cause type and narrative
- The linked Privacy subject
- Affected individuals (with an "estimate" flag) and notified individuals
- Categories of personal information involved — sensitive categories carry a red shield
- Types of harm
- Discovery source — Internal, External report, Automated detection, Third-party notification, Commissioner inquiry, or Other
The Risk of harm band and the legal authority are system-derived and read-only. A separate Root cause & lessons learned section captures the record-keeping narratives; the Closure tab shows these read-only.
The sidebar holds the status control (same-stage status changes are a quick dropdown; cross-stage moves use Advance), priority, key dates (date occurred, date contained), an hours card, and the assigned owner and privacy officer.
The Lifecycle Rail
The compact lifecycle rail shows Active → In Review → Closed. In Review is reached by starting a review or by recording the risk-of-harm determination, and it stays checked even after a review returns the incident to Active.
The Notifications Tab
The Notifications tab is the module centerpiece and a live checklist. The calculator re-runs automatically whenever the tab opens and on every incident save, so obligations always reflect the current risk determination, affected count, and legal authority — there is no manual "recalculate" step, though a subtle Refresh is available. Notices are grouped:
- Obligations — every rule-produced notice for the incident's legal authority, statutory notices and advisory rows together in one urgency-sorted list. Each notice shows its recipient, a computed due date, a content checklist of what the notice must contain, the legal reference, and a colour-coded urgency badge (overdue / due soon / as soon as feasible / on track).
- Voluntary notices — anything you add manually beyond the statutory obligations. A pending voluntary notice still blocks closing the incident.
For each open notice you can:
- Mark sent — records the sent date, and optionally a reference number, sent via method, and a filed document linking the actual submission held on the incident.
- Dismiss — sets the notice to Not required; a rationale is mandatory and is stored for the record.
- Generate letter — opens the matching seeded correspondence template (individual-notice or regulator-notice) to copy and start from.
Use Add notification to log a voluntary notice, choosing a configured type scoped to the incident's authority. If no notification rules match the authority, an explanatory banner appears and the tab stays usable through the Voluntary group. Resolved notices collapse behind a "Resolved (n)" expander.
(screenshot placeholder — capture: the Notifications tab with the Obligations group showing recipients, due dates, urgency badges, and the Mark sent / Dismiss / Generate letter actions)
Reopening a Closed Incident
A closed incident is read-only. Users with the incident-manage permission can reopen it through a confirmation dialog that records a mandatory reason to the activity log.
Privacy by Design
Custodians and contributors never see requestor or data-subject PII. The incident record is scoped to privacy staff, so harm and notification decisions stay inside the office handling the breach.