Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 115 Unauthorized disclosure An unauthorized disclosure is revealing, exposing, showing, providing copies of, selling, giving, or telling personal information in a way that is not in accordance with section 29 (Disclosure of personal information) of FOIP.346 Unauthorized modification Is the act of making changes to personal information without authorization.347 Unauthorized modification may occur unintentionally, through malicious code, forgery, or the wrongful addition of information to a record containing personal information.348 Common threats are: • Unauthorized access – e.g., a private business receives numerous faxes in error from the Saskatchewan Health Authority. The faxes were intended for a physician and contain personal health information of patients. It was found the only difference between the telephone numbers was one digit.349 • Unauthorized use – e.g., employees using their access privileges to view the information of a co-worker (i.e., snooping) in electronic systems for a purpose other than what it was collected for is an unauthorized use.350 • Unauthorized disclosure – e.g., unauthorized verbal disclosure, leaving information displayed on a monitor, electronic interception of information travelling over a transmission line, such as a fax machine or cellular phone, faxing information to the wrong fax number. • Unauthorized modification - malicious code, forgery, addition of data to a record. 346 British Columbia Government Services, FOIPPA Policy and Procedures Manual, Section 30 – Protection of personal information, available at Accessed June 11, 2020. 347 Adapted from Pearsall, Judy, Concise Oxford Dictionary, 10th Ed., (Oxford University Press) at p. 916. 348 Adapted from Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 136. Available at Accessed June 18, 2020. 349 SK OIPC Investigation Report 043-2018 at [25] and [26]. 350 SK OIPC Investigation Report H-2013-001 at [41] and [42].