Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023.

• Best Practices for Managing the Use of Personal Email Accounts, Text Messaging and Other Instant Messaging Tools
• Technology’s Impact Upon Employee Privacy
• Checklists for Trustees: Misdirected Faxes (although directed at health trustees, it may be helpful)
• Faxing Personal Information and Personal Health Information: Safeguards and Responding to a Breach
• Helpful Tips: Mobile Device Security
• Video Surveillance Guidelines for Public Bodies

Auditing

Auditing is a technical safeguard. It is necessary to assess compliance with and measure the effectiveness of policies and procedures, to assess compliance with legislation, and to assess whether appropriate measures are in place to control access and monitor access.³⁰⁴

Random proactive auditing is the process of conducting an audit on a random but regular basis. Proactive auditing is the best practice and is recommended by the Commissioner.³⁰⁵ Focused and targeted audits can occur in response to a privacy breach incident; however, proactive random auditing should be part of the organization’s technical safeguards on an ongoing basis.

It is the government institution’s responsibility to establish a process for conducting random audits of user activity. When developing a process for random auditing, the following can be considered:

• Who will be the individual(s) responsible for conducting random audits of user activity?
• How frequently will the random audit be conducted? Where the number of users and the volume of accesses are great, the frequency of monitoring should increase.
• How many users should be randomly audited each audit cycle?

304 SK OIPC Investigation Report 260-2017 at [33].
305 SK OIPC Investigation Reports H-2010-001 at [131], F-2013-003 at [109], 131-2015 at [24], 260-2017 at [51].