Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023.

• When file cabinets and rooms should be locked and who should have access.
• Personal information is subject to access to information requests and should be in a filing system where it is easily retrievable if required to do so.
• The training programs to make employees aware of these policies and procedures as well as FOIP in general.297

A privacy policy cannot, by itself, protect personal information held by an organization. Privacy policies that are not reflected in actual practice through strong implementation, training, and auditing will fail to safeguard personal information against privacy risks. But if we return to the true meaning of “policy,” we will be reminded that it was always intended to be rooted in action. The Concise Oxford Dictionary defines policy as: “a course, or general plan of action adopted or proposed…”298

Technical

Technical safeguards mean the technology and the policy and procedures for its use to protect personal information and control access to it. Examples of technical safeguards include separate user identifications, passwords, firewalls, identification and authentication controls, virus scanners and audit capabilities in digital systems.299 Technical safeguards generally include technical security services and mechanisms.300

General features of technical safeguards can include the following:

• Firewalls
• Encrypted transmissions with VPN technology
• Use of private keys to decrypt files
• Individualized passwords within an inquiry-based system limited by user roles
• Use of Oracle for backup systems

297 SK OIPC Investigation Report LA-2013-003 at [82]. See also Investigation Report 200-2018 at [32].
298 ON IPC resource, A Policy is Not Enough: It Must be Reflected in Concrete Practices, September 2012 at p. 1. Available at https://www.ipc.on.ca/resource/a-policy-is-not-enough-it-must-be-reflected-inconcrete-practices/.
299 SK OIPC resource, Helpful Tips: Mobile Device Security at p. 2.
300 Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 134. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 18, 2020.
