Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 2, Administration of FOIP. Updated 7 March 2023. 16 Upon receipt, the focus of the IPC is on whether the government institution appropriately handled the breach. This is based on whether the government institution adequately addressed each of the four best practice steps recommended by the IPC. The four best practice steps include: 1. Contain the breach 2. Notify affected individuals and/or appropriate organizations 3. Investigate the breach 4. Plan for prevention27 Once the IPC receives the relevant material, it will review the file and make a decision. The possible outcomes are as follows: • If the Commissioner is satisfied with the government institution’s overall response to the breach, the file will be closed informally without a public report. This process may include some informal recommendations from the IPC. • If the breach is egregious or it involves a large number of affected individuals, the Commissioner may determine that a report will be issued. • If an affected individual makes a formal complaint, the Commissioner may determine that a report will be issued. • If the Commissioner is not satisfied with the government institution’s response or handling of the breach, the IPC will issue a report. Once the IPC has made a decision, the government institution will be advised if a report will be issued or not. The government institution will also be notified if an affected individual makes a formal complaint, which may also result in a public report.28 If you have questions or need further guidance, contact the SK OIPC at intake@oipc.sk.ca. Government institutions should be aware of section 29.1 of FOIP. It requires government institutions to notify an individual of an unauthorized use or disclosure of the individual’s 27 SK OIPC Resource, Privacy Breach Guidelines for Government Institutions and Local Authorities at pp. 6 to 9. 28 For more, see SK OIPC resource, Privacy Breach Guidelines for Government Institutions and Local Authorities. Available at Privacy Breach Guidelines (oipc.sk.ca).
RkJQdWJsaXNoZXIy MTgwMjYzOA==