Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. p. 253

personal information in a form that could reasonably be expected to identify the individuals. This should ideally be captured in a written contract or agreement that spells out the privacy obligations respecting the use, protection, and disclosure of the personal information that are consistent with the requirements of FOIP.

Information is in individually identifiable form if unique identifiers are attached to the information such that the information can identify a particular individual. The identifiers might be an individual’s name, address, telephone number, date of birth or social insurance number. Small population cells or contextual information may also allow for the identification of an individual.[708]

For a contract or agreement for auditors captured under section 15 of The Freedom of Information and Protection of Privacy Regulations, the agreement or contract should include:

• A description of the personal information to be disclosed.
• The authority for disclosing the personal information.
• The purposes for which the personal information will be collected, used and/or disclosed.
• A statement that clearly restricts any subsequent disclosures of the personal information by the auditor in a form that could reasonably be expected to identify the individuals.
• A statement of all the administrative, technical and physical safeguards required to protect the confidentiality of the personal information, especially with respect to its use and disclosure.
• A statement that the disclosure of the personal information will cease if the auditor is discovered to be improperly disclosing the information collected from the government institution.
• The names, titles and signatures of the officials in both the supplying and receiving organizations who are responsible for the terms of the agreement, the date of the agreement and the period for which it is in effect.[709]

Government institutions should still abide by the data minimization and need-to-know principles when disclosing personal information. Only disclose the least amount of personal information necessary to achieve the purpose. Further, only disclose to those that have a

[708] Service Alberta, FOIP Guidelines and Practices: 2009 Edition, Chapter 7 at p. 296.
[709] Adapted from Service Alberta, FOIP Guidelines and Practices: 2009 Edition, Chapter 7 at pp. 270 to 271.
