Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 95 arises where consent may reasonably be inferred with from the action or inaction of the individual.294 The Freedom of Information and Protection of Privacy Regulations requires that where consent is required by FOIP for the collection, use or disclosure of personal information, the consent must: • Relate to the purpose for which the information is required • Be informed • Be given voluntarily • Not be obtained through misrepresentation, fraud, or coercion • A consent may be given that is effective for a limited period • Consent may be express or implied unless otherwise provided • An express consent need not be in writing295 7. Security protections Ensure that reasonable and appropriate physical, administrative and technical safeguards are in place to protect personal information. Safeguards will ensure the integrity, confidentiality and availability of personal information and protect it from being improperly accessed, altered, or destroyed.296 Administrative safeguards, described in written policies and procedures, would also cover the following: • That all personal information should be put away (e.g., in locked cabinets or file drawers) unless it is in use by authorized individuals. Individuals authorized to use the personal information should be clarified. • Personal information should not be lying around on a desk in a room where those without a need-to-know frequent. 294 Canadian Health Information Management Association (CHIMA), Abrams, Kelly J., Shirley Learmonth, Candace J. Gibson, The Canadian Health Information Management Lifecycle, 2017, at Glossary. 295 The Freedom of Information and Protection of Privacy Regulations, RRS c F-22.01 Reg 1, at section 18. 296 SK OIPC Investigation Report H-2011-001 at [158]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8.