Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023.

Personal email providers might not have adequate protections for personal information. If the information is sensitive, encryption can ensure the email is not readable along its journey. Digital signatures ensure accuracy by preventing the email contents from being tampered with or altered. The email system should be secure and meet current industry standards.

The International Organization for Standardization (ISO) is the leading authority on international standards. ISO recommended the following with regard to electronic messaging:

13.2.3 Electronic messaging

Control

Information involved in electronic messaging should be appropriately protected.

Implementing guidance

Information security considerations for electronic messaging should include the following:

a) protecting messages from unauthorized access, modification, or denial of service commensurate with the classification scheme adopted by the organization.
b) ensuring correct addressing and transportation of the message.
c) reliability and availability of the service.
d) legal considerations, for example requirements for electronic signatures.
e) obtaining approval prior to using external public services such as instant messaging, social networking, or file sharing.
f) stronger levels of authentication controlling access from publicly accessible network. [Footnote 862]

When outside the government network, emails may be intercepted, may not be backed up and may not have strong passwords. The Government of Saskatchewan email system using

Footnote 862: International Organization for Standardization, Information Technology, ISO/IEC 27002, 2013. See also, SK OIPC Investigation Report 101-2017 at [30].
