Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023.

SECTION 24.1: DUTY OF GOVERNMENT INSTITUTION TO PROTECT

Duty of government institution to protect

24.1 Subject to the regulations, a government institution shall establish policies and procedures to maintain administrative, technical and physical safeguards that:
(a) protect the integrity, accuracy and confidentiality of the personal information in its possession or under its control;
(b) protect against any reasonably anticipated:
(i) threat or hazard to the security or integrity of the personal information in its possession or under its control;
(ii) loss of the personal information in its possession or under its control; or
(iii) unauthorized access to or use, disclosure or modification of the personal information in its possession or under its control; and
(c) otherwise ensure compliance with this Act by its employees.

Privacy breaches happen when personal information is collected, used, or disclosed in ways that do not follow the rules set out in FOIP.

The media frequently report stories of lost and stolen laptops, hacked and lost databases, identity theft, various kinds of internet fraud and the general misuse of personal information. Most often, these stories involve personal information collected by the private sector.272 However, sometimes, it is personal information collected by government institutions.

Section 24.1 of FOIP establishes a government institution’s duty to protect personal information. This includes establishing policies and procedures to maintain administrative, technical, and physical safeguards that:

• Protect the integrity, accuracy, and confidentiality of personal information (24.1(a))
• Protect against any reasonably anticipated threat or hazard to the security or integrity of personal information (24.1(b)(i))
• Protect against loss of personal information (24.1(b)(ii))
• Protect against unauthorized access to or use, disclosure, or modification of personal information (24.1(b)(iii))

272 AB IPC resource, Personal Information Protection Act (PIPA), PIPA Advisory #8: Implementing Reasonable Safeguards at p. 1.
