Best Practices for Mayors, Reeves, et al.

Office of the Saskatchewan Information and Privacy Commissioner. Best Practices for Mayors, Reeves, Councillors and School Board Members. Effective 27 Dec. 2017. Updated 02 Oct. 2023.

2. The information must be personal in nature.

Some examples of what could constitute personal information:

• The individual’s race, national or ethnic origin, colour or religious or political beliefs or associations.
• The individual’s age, sex, marital status or family status.
• Information about the individual’s educational, financial, employment or criminal history, including criminal records, whether or not a pardon has been given.
• An identifying number, symbol or other particular assigned to the individual.
• Anyone else’s opinions about the individual.
• The individual’s name, home or business address or home or business telephone number.
• The individual’s personal views or opinions, except if they are about someone else.

Personal health information is treated as personal information under LA FOIP, which includes information that relates to health care or the health history of the individual.

Duty to Protect

In 2017, an amendment to LA FOIP added an explicit duty of local authorities to protect personal information in their possession or control (subsection 23.1 of LA FOIP). This includes having measures in place to ensure personal information is protected. Section 23.1 of LA FOIP requires that a local authority have administrative, technical and physical safeguards to protect personal information. This duty extends to Elected Officials when undertaking local authority business. If collected, used or disclosed for other purposes, then best practices should be utilized to prevent privacy breaches.

Administrative safeguards are controls that focus on the internal organization’s policies, procedures and maintenance of security measures that protect personal information. Examples include written policies and procedures, annual training for employees, confidentiality agreements, agreements with information management service providers (IMSPs), auditing programs, records retention and destruction schedules and access controls.

Technical safeguards are the technological measures that protect personal information in digital form and control access to it. Examples include separate user identifications,
