Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 337 important to dispose of personal information under conditions that protect the privacy rights of the individual. Government institutions should include a provision in their record destruction polices that employees must obtain internal authorization prior to the destruction of personal information. The government institution could develop a process to authorize the destruction of batches of records on a single authorization. The authorization should include a signature field or sign-off and the level of authorization required.830 All too often, sensitive personal information intended for destruction is left in unsecured conditions and may be exposed to unauthorized access and, possibly, use. Examples include disposal of documents containing personal information in garbage bags that have been ripped open and disposal of personal information in a recycling container.831 Securely disposing of personal information Authorized disposition of personal information can occur through: • Transfer of records to the custody of the Provincial Archives of Saskatchewan or the archives of a government institution. • Physical destruction of records containing personal information in such a way that it cannot be retrieved or reconstructed (e.g., cross-shredding).832 Securely disposing of electronic records Used office and computer equipment poses a special risk. For example, filing cabinets moved to an auction centre with files containing personal information still inside or computer hard drives put up for auction with information still stored on them. At a minimum, computer hard drives need to be professionally wiped clean of data before they are disposed of or sold. Care should also be taken in the return or disposal of devices, such as facsimile machines, scanners, and photocopiers, that retain information in memory.833 830 Adapted from SK OIPC Investigation Report H-2011-001 at [140]. Originated from ON IPC resource, Get Rid of it Securely to Keep it Private – Best Practices for the Secure Destruction of Personal Health Information, October 2009, at p. 9. 831 Service Alberta, FOIP Guidelines and Practices, 2009 Edition, Chapter 8 at p. 310. 832 Service Alberta, FOIP Guidelines and Practices, 2009 Edition, Chapter 8 at p. 310. 833 Service Alberta, FOIP Guidelines and Practices, 2009 Edition, Chapter 8 at pp. 310 to 311.

RkJQdWJsaXNoZXIy MTgwMjYzOA==