Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 105 and environmental hazards. Examples include locked filing cabinets, offices and storage rooms, alarm systems and clean desk approaches.316 Physical safeguards generally include physical standards.317 They monitor and control the work environment. Most of these can be incorporated into every employee’s work routine. Examples of physical safeguards include: • Storing personal information in locked filing cabinets, offices, and buildings, with controls over distribution of the keys or lock combinations. • Storing personal information in secure areas where access is limited or restricted. • Logging out of or locking computers when stepping away from the work area. • Ensuring that government assets, such as laptop computers, are secured when they are out of the office and are encrypted (e.g., not left in vehicles). • Not leaving documents containing personal information on printers or fax machines. • Always using a cover sheet when faxing personal information. • Calling before sending a fax to make sure the intended recipient can retrieve it. • Making sure the right email address has been entered prior to sending an email. • Encrypting emails containing personal information prior to sending. • When replying to long email threads remove any recipients who no longer need to be involved before replying. • Limiting the amount of personal information provided in emails to that which is necessary (e.g., if everyone you are emailing knows the name of the individual being discussed, do not include the individual’s name in the email). • Shredding any documents containing personal information prior to disposal. • Labeling files containing personal information as a reminder to store them securely. • Card access systems, video surveillance and security guards.318 IPC Findings In Investigation Report 271-2017, the Commissioner investigated a privacy breach involving the Ministry of Corrections and Policing. A Corrections Officer with the Saskatoon 316 SK OIPC resource, Helpful Tips: Mobile Device Security at p. 2. 317 Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 134. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 18, 2020. 318 Government of Newfoundland and Labrador, ATIPP Office, Department of Justice and Public Safety, Protection of Privacy Policy and Procedures Manual, June 2015, at pp. 73 and 74.

RkJQdWJsaXNoZXIy MTgwMjYzOA==