The incident detail panel — overview facts, lifecycle, discovery and root cause, the Contained shield, and the live notifications obligations checklist

Last updated: July 12, 2026 by Steve

Incident Details

The incident detail panel is a full-screen workspace where privacy officers and ATIP staff document what happened, decide who has to be told, and prove the obligations were met on time. The header carries the incident number, type, status chip, priority, elapsed-days and date-occurred metrics, and a Discussion button; a green Contained shield with its date appears once containment is confirmed. Editing requires the incident-manage permission. Closed incidents are read-only until reopened, and reopening asks for a mandatory reason that is written to the activity log. Work is organized into a row of tabs.

The Tabs

Tab What it is for
Overview Lifecycle rail, description/cause/subject, affected and notified counts, PI categories, harm types, discovery source, derived risk-of-harm band, key dates, root cause and lessons, hours, and owners
Containment Measures taken to stop or limit the breach, plus the incident-level containment-confirmed toggle
Assessment The risk-of-harm register (RROSH) that drives the notification calculator
Notifications The live obligations checklist — who must be told and by when
Remediation Corrective and preventive actions to stop recurrence
Review The configurable sign-off workflow
Documents Evidence files attached to the incident
Activity The full audit timeline

Containment and remediation both open the shared measure panel — see Incident Measures.

Incident overview tab (screenshot placeholder — capture: the Overview tab with the lifecycle rail, description/cause block, affected and notified counts, discovery source, and the sidebar status/key-dates/owners cards)

The Overview Tab

The description block edits as one section — click the pencil, then Save or Discard. On the Overview tab you can record:

  • Title, Description, Cause type and narrative
  • The linked Privacy subject
  • Affected individuals (with an "estimate" flag) and notified individuals
  • Categories of personal information involved — sensitive categories carry a red shield
  • Types of harm
  • Discovery source — Internal, External report, Automated detection, Third-party notification, Commissioner inquiry, or Other

The Risk of harm band and the legal authority are system-derived and read-only. A separate Root cause & lessons learned section captures the record-keeping narratives; the Closure tab shows these read-only.

The sidebar holds the status control (same-stage status changes are a quick dropdown; cross-stage moves use Advance), priority, key dates (date occurred, date contained), an hours card, and the assigned owner and privacy officer.

The Lifecycle Rail

The compact lifecycle rail shows Active → In Review → Closed. In Review is reached by starting a review or by recording the risk-of-harm determination, and it stays checked even after a review returns the incident to Active.

The Notifications Tab

The Notifications tab is the module centerpiece and a live checklist. The calculator re-runs automatically whenever the tab opens and on every incident save, so obligations always reflect the current risk determination, affected count, and legal authority — there is no manual "recalculate" step, though a subtle Refresh is available. Notices are grouped:

  • Obligations — every rule-produced notice for the incident's legal authority, statutory notices and advisory rows together in one urgency-sorted list. Each notice shows its recipient, a computed due date, a content checklist of what the notice must contain, the legal reference, and a colour-coded urgency badge (overdue / due soon / as soon as feasible / on track).
  • Voluntary notices — anything you add manually beyond the statutory obligations. A pending voluntary notice still blocks closing the incident.

For each open notice you can:

  1. Mark sent — records the sent date, and optionally a reference number, sent via method, and a filed document linking the actual submission held on the incident.
  2. Dismiss — sets the notice to Not required; a rationale is mandatory and is stored for the record.
  3. Generate letter — opens the matching seeded correspondence template (individual-notice or regulator-notice) to copy and start from.

Use Add notification to log a voluntary notice, choosing a configured type scoped to the incident's authority. If no notification rules match the authority, an explanatory banner appears and the tab stays usable through the Voluntary group. Resolved notices collapse behind a "Resolved (n)" expander.

Notifications obligations checklist (screenshot placeholder — capture: the Notifications tab with the Obligations group showing recipients, due dates, urgency badges, and the Mark sent / Dismiss / Generate letter actions)

Reopening a Closed Incident

A closed incident is read-only. Users with the incident-manage permission can reopen it through a confirmation dialog that records a mandatory reason to the activity log.

Privacy by Design

Custodians and contributors never see requestor or data-subject PII. The incident record is scoped to privacy staff, so harm and notification decisions stay inside the office handling the breach.