Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 269 Notification to affected individuals should include the following information: • A description of the breach (a general description of what happened). • A detailed description of the personal information involved (e.g., name, credit card numbers, medical records, financial information, etc.). • A description of possible types of harm that may come to them because of the privacy breach. • Steps taken and planned to mitigate the harm and to prevent future breaches. • If necessary, advice on actions the individual can take to further mitigate the risk of harm and protect themselves (e.g., how to contact credit reporting agencies). • Contact information of an individual within your organization who can answer questions and provide further information. • A notice that individuals have a right to complain to the IPC (provide contact information). • Recognition of the impacts of the breach on affected individuals and, an apology.731 Unauthorized use or disclosure is one that does not comply with Part IV of FOIP. Part IV of FOIP contains the privacy provisions related to a government institution’s handling of personal information of individuals. Reasonable in the circumstances - whether something is reasonable is a subjective assessment which means fair, proper, just, moderate, suitable under the circumstances, rational, governed by reason, not immoderate or excessive, the standard which one must observe to avoid liability for negligence, including foreseeable harms.732 Real risk of significant harm may, among other things, include bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.733 731 SK OIPC resource, Privacy Breach Guidelines for Government Institutions and Local Authorities at p. 6, available at Privacy Breach Guidelines (oipc.sk.ca). Accessed December 16, 2022. 732 British Columbia Government Services, FOIPPA Policy Definitions at https://www2.gov.bc.ca/gov/content/governments/services-for-government/policiesprocedures/foippa-manual/policy-definitions. Accessed December 15, 2022. 733 SK OIPC Rules of Procedure at p. 7.
RkJQdWJsaXNoZXIy MTgwMjYzOA==