Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 237 Examples: • Disclosure of personal information about a dangerous offender being released from a correctional institution. • Disclosure to another government institution or agency that a client is known to behave violently toward employees when the other government institution or agency is likely to encounter this client, so appropriate precautions may be taken to protect their employees (such as arranging for the presence of a security guard, etc.). Government institutions should still abide by the data minimization and need to know principles when disclosing personal information. Only disclose the least amount of personal information necessary to achieve the purpose. Further, only disclose to those that have a need to know the personal information to carry out the purpose. See Need-to-Know and Data Minimization earlier in this Chapter. IPC Findings In Investigation Report 107-2014, the Commissioner investigated a complaint involving the Saskatchewan Research Council (SRC). The complaint alleged that SRC sent emails to SRC staff and board members advising employees that the complainant intended to commence a lawsuit against SRC and that he had submitted access to information requests. The emails indicated that if the complainant showed up at SRC, staff should ask him to leave and advise him he is only to communicate through SRC legal counsel. The emails also stated that if staff felt threatened or he refused to leave to contact police. SRC asserted that it had authority to use the complainant’s personal information and disclose it pursuant to subsections 28(b) and 29(2)(m) of FOIP. The Commissioner found that SRC was authorized to use and disclose the opinion about the complainant (that he posed a threat) and the photograph of the complainant pursuant to subsections 28(b) and 29(2)(m) of FOIP. However, the Commissioner also found that SRC was not authorized to use or disclose the other personal information of the complainant. In Investigation Report 322-2017, 120-2018, the Commissioner investigated a proactively reported breach of privacy involving Saskatchewan Legal Aid Commission (Legal Aid) and the Ministry of Corrections and Policing (Corrections). The breach involved an employee at the Saskatoon Correctional Centre disclosing personal information about an individual in custody at the Saskatoon Correctional Centre (SCC) to a Legal Aid employee. Legal Aid and Corrections both asserted the disclosure was authorized pursuant to subsection 29(2)(m) of
RkJQdWJsaXNoZXIy MTgwMjYzOA==