Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023.

and disclosure and during retention and destruction.[309] Safeguards can include administrative (i.e., policies), physical (i.e., locks) and technical safeguards. Encryption is an example of a technical safeguard that can be used by organizations to safeguard personal data.

Encryption is the process of scrambling data (or plain text) into an unreadable form (or cipher text). This scrambling process is based on algorithms that use various forms of substitutions or transposition to encrypt the message. Algorithms are mathematical constructs that are applied through various applications to secure data transmissions or storage.[310] Decryption is the process of using the same algorithm to restore the information into readable form.[311] Encryption can be used at all levels of a security infrastructure. Encryption can provide confidentiality, authentication, integrity, and non-repudiation for data travelling over a network or stored on a system.[312]

There are numerous benefits to using encryption software to protect personal data. Firstly, access to personal data can be controlled both inside and outside an organization. Once encrypted, personal data can only be unlocked with a key. The key can be shared between the sender and receiver of the personal data. For electronic transmissions, encryption can be an effective way of preventing unauthorized interception of electronic messages. The sender and receiver have control over who will be permitted access.

This is especially important when personal data is being sent in an email to an outside entity. Email transmission is not secure. An unencrypted email can bounce from Toronto to Brussels to New York. It can go anywhere for that matter. It all depends on the state of Internet “traffic” that day. An email message can pass through numerous different computer systems en route to its final destination. Meanwhile, on some computers through which that email is relayed, there may be ‘sniffers’ or other malicious software tools. They are waiting to copy, alter or tamper with that email in

[309] ON IPC resource, Encryption by Default and Circles of Trust: Strategies to Secure Personal Information in High-Availability Environments, December 2012, at p. 2.
[310] Andress, Amanda, Surviving Security: How to Integrate People, Process, and Technology at Chapter 4, Cryptography and Encryption.
[311] Andress, Amanda, Surviving Security: How to Integrate People, Process, and Technology at Chapter 4, Cryptography and Encryption.
[312] Andress, Amanda, Surviving Security: How to Integrate People, Process, and Technology at Chapter 4, Cryptography and Encryption.
