Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 341 and unauthorized use or disclosure, such as transferring records and media to another satellite location that has working equipment without a pre-established protocol to do so. Alternative measures may include keeping all materials to be shredded in a secure, clearly marked container until a new crosscut shredder is available. Or another secure destruction service provider may be contracted in accordance with an organization’s criteria for choosing a service provider. (vi) Application of the policy A secure destruction policy should apply to all operating units of an organization, including remote operations, divisions, or subsidiaries. The policy should document variations in the application of the policy, for example, if secure destruction is outsourced at a remote operating unit location but destroyed internally at a central location. B. Segregate and Securely Store Personal Information (i) Prior to destruction Organizations must ensure that personal information in its custody or control is securely stored and protected against theft, loss and unauthorized use or disclosure. Also, that no unauthorized person will have access to the information between the time the records leave the organization until their actual destruction. As such, organizations should establish a procedure for segregating and securing personal information prior to destruction. Once paper records have been segregated or stored prior to destruction, an organization may wish to isolate and label those records to lessen the possibility that there is unauthorized access or that they are disposed in an inappropriate manner (e.g., mistakenly placed in the recycling bin instead of destroying). Options for storing paper media include a secured workstation container or secured general office container kept in a separate location from all recycling bins. Electronic media should also be segregated and secured. An organization may want to have satellite locations refrain from sending electronic media to another unit of the organization without detailed written permission from a designated individual within the organization. Organizations may wish to provide an easy point of contact for coordinating removal of electronic storage media from service such as hard drives.
RkJQdWJsaXNoZXIy MTgwMjYzOA==