Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 14 Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes. In Investigation Report LA-2010-001, the Commissioner stated: [47] The practice of disclosing the least amount of information when required is called the ‘data minimization principle’. This is one of the 10 Fair Information Principles that have been codified in the Canadian Standards Association Model Code for the Protection of Personal Information (Q830) … For more on the data-minimization principle, see Data Minimization later in this Chapter. Accuracy The Model Code states: Personal information shall be as accurate, complete, and up to date as is necessary for the purposes for which it is to be used. Individuals have a right to have their personal information accurately reflected if collected, used and disclosed by an organization. Incorrect information can have tremendous consequences for individuals. Many jurisdictions have access and privacy legislation that provide individuals the right to have their personal information or personal health information corrected by organizations. Organizations should take measures to ensure that the personal information they are collecting, using and disclosing is accurate, complete and up to date. As well, they should provide for the ability of individuals to correct the information if it is not. For more on accuracy and correction, see Section 27: Standard of Accuracy and Section 32: right of correction later in this Chapter. Safeguards The Model Code states: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.