Guide to FOIP-Chapter 6

Section 29.1: Notification .................................................................................................................................. 268 Privacy Breaches ................................................................................................................................................... 271 Best Practice Steps for Breaches ................................................................................................................ 273 Contain the breach ............................................................................................................................... 273 Notify ......................................................................................................................................................... 274 Investigate................................................................................................................................................ 275 Prevent ...................................................................................................................................................... 280 How IPC Investigations are Initiated......................................................................................................... 280 Process for Proactively Reported Breaches............................................................................................ 281 Section 30: Personal information of deceased individual..................................................................... 282 Subsection 30(1) ............................................................................................................................................... 282 Subsection 30(2) ............................................................................................................................................... 284 Section 31: Access to personal information............................................................................................... 287 Subsection 31(1) ............................................................................................................................................... 288 Subsection 31(2) ............................................................................................................................................... 289 Section 32: Right of correction ....................................................................................................................... 295 Subsection 32(1) ............................................................................................................................................... 296 Subsection 32(2) ............................................................................................................................................... 299 Subsection 32(2)(a).......................................................................................................................................... 301 Subsection 32(2)(b) ......................................................................................................................................... 305 Subsection 32(2)(c) .......................................................................................................................................... 307 Subsection 32(3) ............................................................................................................................................... 308 Section 49: Application for review ................................................................................................................. 309 Subsection 49(1)(a.4): Privacy complaints............................................................................................... 309 Subsection 49(1)(c): Correction reviews .................................................................................................. 312 Subsection 49(2): 1 Year Deadline ............................................................................................................. 313 Section 50: Review or refusal to review ....................................................................................................... 313 Subsection 50(2)(a.6): Insufficient evidence........................................................................................... 314 Validity Test ............................................................................................................................................. 314 Privacy Impact Assessments (PIAs)................................................................................................................ 315

RkJQdWJsaXNoZXIy MTgwMjYzOA==