Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 116 • Misuse of information – e.g., transfer of or sale of personal information in contravention of FOIP.351 Government institutions should determine the likelihood (low, medium, or high) of each or any of the above threats occurring. Identify the potential consequences and rate the seriousness (less serious, serious, or very serious) of the events if they were to occur.352 Subsection 24.1(c) Duty of government institution to protect 24.1 Subject to the regulations, a government institution shall establish policies and procedures to maintain administrative, technical and physical safeguards that: … (c) otherwise ensure compliance with this Act by its employees. It is expected that a government institution will have appropriate safeguards in place to protect personal information.353 Government institutions should have written policies and procedures in place to guide employees with what is required by law concerning privacy protection for personal information. Without written policies and procedures, a government institution has not taken reasonable steps to safeguard personal information in its possession or control.354 Government institutions are responsible for taking steps to ensure that its officers and staff comply with the protection of privacy requirements under FOIP. This involves: • Ensuring that policies and procedures that safeguard personal information are in place, 351 Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 318. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 23, 2020. 352 Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 318. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 23, 2020. 353 SK OIPC Investigation Report 200-2018 at [34]. 354 SK OIPC Investigation Reports H-2011-001, F-2007-001 at [48] and LA-2013-003 at [54] to 57].
RkJQdWJsaXNoZXIy MTgwMjYzOA==