Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 15 If an organization is going to collect an individual’s personal information, it has a responsibility to keep the information safe from improper use and disclosure. This includes physical, technical and administrative safeguards. Without these, privacy breaches can more easily occur. For example, physical safeguards would include properly locking file cabinets or offices that contain the personal information of individuals. For more on safeguards, see Section 24.1: Duty to Protect Personal Information later in this Chapter. Openness The Model Code states: An organization shall make readily available to individuals, specific information about its policies and practices relating to the management of personal information. Individuals need to be confident that their personal information is being collected, used, and disclosed properly, stored safely and is correct and accurate. Unless organizations are open about these things, individuals have no way of knowing what happens to their personal information once provided to an organization. Individual Access The Model Code states: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. When an individual shares their personal information with an organization, they should not cease to have any control over it. They should be able to request access to it. In fact, access to one’s own personal information is legislated in each jurisdiction in Canada. Challenging Compliance The Model Code states: