Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 19 However, if organizations do not strongly protect the privacy of individuals in the information being sought out, there may be far-reaching implications for both the individuals and the organizations involved. For example, when individuals lose trust and confidence in the ability of an organization to protect their privacy, the reputation of that organization may be irreparably damaged in the process. This does not include the time and resources needed to contain, investigate, and remediate any resulting data breaches or privacy infractions, and the costs associated with any ensuing proceedings and liabilities such as class action lawsuits.42 One of the most effective ways to protect the privacy of individuals is through strong deidentification. Using proper de-identification techniques and re-identification risk management procedures, remains one of the strongest and most important tools in protecting privacy.43 De-identification is the general term for the process of removing personal information from a record or data set.44 De-identified information is information that cannot be used to identify an individual, either directly or indirectly. Information is de-identified if it does not identify an individual, and it is not reasonably foreseeable in the circumstances that the information could be used, either alone or with other information, to identify an individual.45 Personal information is de-identified through a process involving the removal or modification of both direct identifiers and indirect or quasi-identifiers.46 Direct identifiers are fields of information that may be used to directly identify an individual; they include name, home address, telephone number, health number and social insurance number.47 Indirect or quasi-identifiers are fields of information that may be used on their own or in combination with other indirect or quasi-identifiers, or other information, to indirectly identify an individual. They include information such as gender, marital status, race, ethnic origin, postal code or other location information, significant dates, or one’s profession. Some indirect or quasi-identifiers may be more likely to lead to the re-identification of individuals in a data set due to their rare occurrence. Characteristics which are highly uncommon in the 42 ON IPC resource, De-identification Protocols: Essential for Protecting Privacy, June 25, 2014 at p. 1. 43 ON IPC resource, De-identification Protocols: Essential for Protecting Privacy, June 25, 2014 at p. 1. 44 ON IPC resource, De-identification Guidelines for Structured Data, June 2016 at pp. 1 and 3. 45 ON IPC resource, De-identification Protocols: Essential for Protecting Privacy, June 25, 2014 at p. 3. 46 ON IPC resource, De-identification Protocols: Essential for Protecting Privacy, June 25, 2014 at p. 3. 47 ON IPC resource, De-identification Protocols: Essential for Protecting Privacy, June 25, 2014 at p. 3.
RkJQdWJsaXNoZXIy MTgwMjYzOA==