Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 94 current procedures are working and develop ways to remedy any issues and notifying agents of any changes in the government institution’s own information practices that agents will be asked to adopt.290 All privacy requirements in a government institution’s contracts with its agents should be strictly enforced. If agents refuse or fail to resolve discovered problems, court action or ending the contract may be the government institution’s only options.291 5. A privacy awareness and education program Government institutions should provide all staff with practical, accessible, concrete, and granular information about what they must do to comply with FOIP in the course of collection, use and disclosure of personal information. Four predictable problem areas are security, access, consent, and disclosure.292 6. Consent and communication with individuals The best way of communicating information about privacy policies and procedures is by posting the organization’s privacy policy or notice online or by providing a handout.293 Government institutions should identify the consent requirements under FOIP for any activities that involve personal information. Consent means informed voluntary agreement by the individual with what is being done or proposed, given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the organization seeking consent; implied consent 290 SK OIPC Investigation Report H-2011-001 at [164]. Originates from The Personal Health Information Protection Act - Implementing Best Privacy Practices, Scott, Graham. et al., LexisNexis Butterworths: Ontario, 2005, at p. 97. 291 SK OIPC Investigation Report H-2011-001 at [164]. Originates from The Personal Health Information Protection Act - Implementing Best Privacy Practices, Scott, Graham. et al., LexisNexis Butterworths: Ontario, 2005, at p. 97. 292 SK OIPC Investigation Report H-2011-001 at [149]. 293 SK OIPC Investigation Report H-2011-001 at [156]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8.

RkJQdWJsaXNoZXIy MTgwMjYzOA==