Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 111 • Disclosure of information – e.g., unauthorized verbal disclosure, leaving information displayed on a monitor, electronic interception of information travelling over a transmission line, such as a fax machine or cellular phone, faxing information to the wrong fax number. • Service interruption – e.g., power failure, labour dispute, denial of service attack on an Internet server. • Modification of data – e.g., malicious code, forgery, addition of data to a record. • Accidental or deliberate loss of data – e.g., physical damage to hardware, willful destruction of recorded information, information destroyed in a flood or fire. • Misuse of information – e.g., transfer of or sale of personal information in contravention of FOIP. • Information not being available – e.g., records that are misdirected or misfiled, or that are destroyed in a manner that is not in accordance with approved records retention and disposition schedules or policies.332 Government institutions should determine the likelihood (low, medium, or high) of each or any of the above threats occurring. Identify the potential consequences and rate the seriousness (less serious, serious, or very serious) of the events if they were to occur.333 In considering reasonably anticipated threats or hazards, it is exceedingly unlikely that a government institution will be in compliance with subsection 24.1(b)(i) of FOIP if it does not have: • A specifically tasked privacy officer with a clear mandate and appropriate training. • Extensive training of staff in FOIP requirements and provisions. • Comprehensive, clear, and practical written policies and procedures that are reinforced through leadership and training of staff. • Written contracts with information management service providers (IMSPs) that specifically address the requirements of section 24.1 of FOIP. • Audit of use and disclosures of personal information. 332 Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 318. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 23, 2020. 333 Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 318. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 23, 2020.

RkJQdWJsaXNoZXIy MTgwMjYzOA==