Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 315 PRIVACY IMPACT ASSESSMENTS (PIAS) A Privacy Impact Assessment (PIA) is a diagnostic tool designed to help organizations assess their compliance with the privacy requirements in Saskatchewan legislation.808 One purpose of FOIP is to protect individuals against unauthorized collection, use and/or disclosure of their personal information in the possession or control of government institutions. An aspect of this duty to protect, is the duty to protect against any “reasonably anticipated” breaches of personal information (see Section 24.1 earlier in this Chapter). A privacy impact assessment process is one tool that can help accomplish this.809 Privacy impact is where there are inadequate safeguards to protect personal information, or the legislation does not authorize collection, use, and/or disclosure of personal information.810 What is a Privacy Impact Assessment (PIA)? A PIA is a process that assists organizations in assessing whether a project, program or process complies with the applicable access and privacy legislation. In Saskatchewan, government institutions are subject to FOIP. FOIP sets out rules as to how personal information is to be collected, used and/or disclosed. When a project, program or process is being designed, a PIA should be used to identify areas where there may be a privacy impact or risk.811 A PIA is NOT: • A security assessment or a threat/risk assessment. • A strategic planning exercise. • An approval process. • A privacy audit. 808 SK OIPC Investigation Report F-2013-001 at [131]. 809 Adapted from Government of Manitoba, FIPPA for Public Bodies – Resource Manual, Chapter 6, Protection of Privacy at p. 6-247. Available at Chapter (gov.mb.ca). Accessed December 17, 2022. 810 SK OIPC resource Privacy Impact Assessment: A Guidance Document at p. 2. Available at Privacy Impact Assessment (oipc.sk.ca). Accessed December 17, 2022. 811 SK OIPC resource Privacy Impact Assessment: A Guidance Document at p. 2. Available at Privacy Impact Assessment (oipc.sk.ca). Accessed December 17, 2022.

RkJQdWJsaXNoZXIy MTgwMjYzOA==