Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 280 Analyze your cause-and-effect process and identify the changes that are needed. It is also important that you plan ahead to predict the effects of your solution. This way, you can spot potential failures before they happen. Prevent The most important part of responding to a privacy breach is to implement measures to prevent future breaches from occurring. • What steps can be taken to prevent a similar privacy breach. o Can your organization create or make changes to policies and procedures relevant to this privacy breach. o Are additional safeguards needed. o Is additional training needed. o Should a practice be stopped. How IPC Investigations are Initiated The IPC can learn of a privacy breach and begin an investigation in several different ways. Some of them include: • A citizen comes to the IPC with a complaint about a government institution’s actions or practices. • A third party in possession of personal information could notify the IPC. • Employees of a government institution inform the IPC of inappropriate practices within the organization. • The IPC acts on media reports. • The government institution proactively reports a breach to the IPC. The next section details the process when a government institution proactively reports a breach to the IPC.

RkJQdWJsaXNoZXIy MTgwMjYzOA==