Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 270 Significant means noteworthy, important, and consequential.734 When assessing whether there is a “real risk of significant harm”, the government institution can consider the following factors: • Who obtained or could have obtained access to the information? • Is there a security measure in place to prevent unauthorized access, such as encryption? • Is the information highly sensitive? • How long was the information exposed? • Is there evidence of malicious intent or purpose associated with the breach, such as theft, hacking, or malware? • Could the information be used for criminal purposes, such as for identity theft or fraud? • Was the information recovered? • How many individuals are affected by the breach? • Are there vulnerable individuals involved, such as youth or seniors?735 For more on this topic, see the following: SK OIPC Blogs: Real Risk of Significant Harm Notifying affected individuals: what should I put in the letter? SK OIPC Resources: Privacy Breach Guidelines for Government Institutions and Local Authorities IPC Findings As of the issuing of this Chapter, the Commissioner has not considered this provision in any significant way in a Report yet. This section will be updated accordingly when it is considered. 734 British Columbia Government Services, FOIPPA Policy Definitions at https://www2.gov.bc.ca/gov/content/governments/services-for-government/policiesprocedures/foippa-manual/policy-definitions. Accessed April 23, 2020. 735 SK OIPC resource, Privacy Breach Guidelines for Government Institutions and Local Authorities at p. 5, available at Privacy Breach Guidelines (oipc.sk.ca) and SK OIPC Blog: Real Risk of Significant Harm, January 2, 2018. Available at Real Risk of Significant Harm | IPC (oipc.sk.ca). Accessed December 16, 2022.
RkJQdWJsaXNoZXIy MTgwMjYzOA==