Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 271 However, the Commissioner has issued several Investigation Reports since this provision came into force in January 2018 reminding government institutions of this requirement. The Commissioner has considered the equivalent provision in The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP). In Investigation Report 092-2022, Living Sky School Division proactively reported a breach of privacy incident to the Commissioner. The privacy breach occurred when a backpack was stolen from a privacy officer’s vehicle. The backpack contained a file that had an employee’s personal information in it including employment history. During the investigation by the Commissioner, it was discovered that notice of the breach was not provided by Living Sky School Division to the employee. The Commissioner determined that based on the circumstances of the case a real risk of significant harm to the employee existed and as such, Living Sky School Division should provide notice of the breach to the employee within 30 days of the issuance of the Commissioner’s Report. PRIVACY BREACHES A privacy breach occurs where there is an unauthorized collection, use and/or disclosure of personal information. There are also other ways a privacy breach can occur. The following is a summary of some of the causes: Collection: A privacy breach could occur if a government institution collects personal information without authority under FOIP. The rules for collection are found in sections 25 and 26 of FOIP. Non-compliance with these sections is considered a breach of privacy. Use: A privacy breach could occur when personal information, already in the possession or control of the government institution, is used without authority under FOIP. The rules for use are found in section 28 of FOIP. Non-compliance with this section is considered a breach of privacy. Disclosure: A privacy breach occurs when an unauthorized disclosure of personal information transpires (e.g., when personal information is missing or when a government institution shares personal information with another organization without authority).
RkJQdWJsaXNoZXIy MTgwMjYzOA==