Office of the Saskatchewan Information and Privacy Commissioner. Best Practices for Mayors, Reeves, Councillors and School Board Members. Effective 27 Dec. 2017. Updated 02 Oct. 2023. 3 role-based access, passwords, firewalls, identification and authentication controls, virus scanners and audit capabilities in digital systems. Physical Safeguards are physical measures utilized to protect personal information contained in buildings and equipment from unauthorized intrusion and natural and environmental hazards. Examples include locked filing cabinets, offices and storage rooms, alarm systems and clean desk policies. A privacy impact assessment (PIA) is an effective tool for assisting a local authority to identify any potential privacy risks and mitigation strategies related to these safeguards in existing or new systems, processes and projects. For further information on PIA’s see our resource Privacy Impact Assessment, A Guidance Document and the blog, Privacy Impact Assessments. Consent Consent of the individual is required for the collection, use or disclosure of personal information. When an Elected Official talks to a citizen, have the citizen consent to you collecting, using or disclosing information and keep that consent on your file (either hardcopy or electronic). A written consent is the best, email consent is next best and consent over the telephone is least best. Telephone consent, and other important details such as date and time, should be recorded in your notes. Purpose and Collection Citizens and organizations consult Elected Officials on problems and issues they have with local government and/or the health system. In that process of asking for help, they may provide documents or give verbal information to Elected Officials which contains considerable sensitive personal information. The collection of personal information should be limited to only what is necessary for the purposes for which it was collected. Before collecting any personal information, the Elected Official should pause and assess the purpose for collecting this information and whether this information is necessary for such a purpose. Elected Officials should refrain from collecting more personal information than is necessary to fulfill the identified purpose. In particular, consider documents that you may not need to collect such as tax returns, doctor’s reports, financial statements, laboratory tests and non-relevant correspondence.
RkJQdWJsaXNoZXIy MTgwMjYzOA==