Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 16 An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance. Like Fair Information Principle #1, the ability to challenge compliance with these principles is important to accountability on the part of the organization. Each organization should have a designated individual or team that specializes in access and privacy principles and legislation. Individuals should have the ability to register complaints or concerns with organizations and they should be handled appropriately. See Chapter 2: Administration of FOIP, Government Institutions – Roles & Responsibilities; The FOIP Coordinator or Privacy Officer for more information on the role of a Privacy Officer. For more guidance on the Fair Information Principles, see the Office of the Privacy Commissioner of Canada’s resource, PIPEDA fair information principles. Each of the principles is broken down further with tips and steps that can be taken to enhance the principle. NEED-TO-KNOW PRINCIPLE Two principles flow from the 10 Fair Information Principles above: 1. The need-to-know principle (limiting collection, use & disclosure); and 2. The data minimization principle (identifying purpose, limiting collection, use & disclosure). These two principles are implicit in Part IV of FOIP. Need-to-know is the rule that personal information should only be available to those employees in an organization that have a legitimate need to know that information for the purpose of delivering their mandated services.34 The exercise of collecting, using, and disclosing personal information is always subject to the need-to-know principle.35 For a government institution to be able to rely on any provision in FOIP for its collection, use and/or disclosure of personal information, it must also abide by the need-to-know and data 34 SK OIPC Investigation Report F-2009-001 at [92]. 35 Adapted from SK OIPC Investigation Report F-2009-001 at [47].

RkJQdWJsaXNoZXIy MTgwMjYzOA==