A Minister's Guide to Protecting Personal Information

(i) threat or hazard to the security or integrity of the personal information in its possession or under its control;
(ii) loss of the personal information in its possession or under its control; or
(iii) unauthorized access to or use, disclosure or modification of the personal information in its possession or under its control; and
(c) otherwise ensure compliance with this Act by its employees.

Administrative safeguards are controls that focus on internal organizations, policies, procedures and maintenance of security measures that protect personal information. Examples include written policies and procedures, annual training for employees, confidentiality agreements, agreements with information management service providers (IMSP), auditing programs, records retention and destruction schedules and access restrictions.

Technical Safeguards are the technology and the policy and procedures for its use that protect personal information and control access to it. Examples include separate user identifications, passwords, firewalls, identification and authentication controls, virus scanners and audit capabilities in digital systems.

Physical Safeguards are physical measures, policies, and procedures to protect personal information and related buildings and equipment, from unauthorized intrusion and natural and environmental hazards. Examples include locked filing cabinets, offices and storage rooms, alarm systems and clean desk approaches.

Note that personal information in the possession or control of Ministers’ offices can exist in different types of records such as:

• Hard copy: physical representations of data, such as paper. This includes, among other things, notes, memos, messages, correspondence, transaction records and reports.
• Electronic copy: information stored on electronic media, such as computer hard drives, copier and printer hard drives, removable solid drives including memory, disks and USB flash drives and mobile phones. This also includes information stored in the cloud. Examples are e-mails, text messages and other electronic documents.

Subsection 24.1(a) of FOIP

Subsection 24.1(a) of FOIP indicates that a Ministers’ office must protect the integrity, accuracy and confidentiality of the personal information in its possession or under its control. Integrity refers to the condition of information being whole or complete; not modified, deleted or corrupted.
