Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 92 • Comply with legislative, privacy and contractual requirements • Identify consequences of security policy violations If there is no documented policy, it will be difficult to communicate privacy and security practices to individuals, the public and external stakeholders, or partners. On the other hand, with a written policy in place, you are clearly demonstrating that you have done your due diligence with respect to privacy and security. This is crucial if your practice is ever subject to a privacy audit, complaint, privacy breach or security incident.283 Every government institution should have a privacy policy that addresses the following: • Accountability for personal information • Purpose for collecting personal information • Consent for collecting, using, and disclosing personal information • Accuracy and correction of personal information • Retention and destruction of personal information • Privacy breach management • Use and disclosure audits • Use and disclosure control • Individual access to information • Privacy complaint management • Enforcement mechanisms284 3. Privacy procedures Establish privacy procedures to serve as an extension of the privacy policy. Procedures should provide staff with consistent steps for managing: • Complaints, breaches of privacy and security incidents • Individual access to and correction of personal information • Consent285 283 SK OIPC Investigation Report H-2011-001 at [115]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 9. 284 Adapted from SK OIPC Investigation Report H-2011-001 at [116]. 285 Adapted from SK OIPC Investigation Report H-2011-001 at [135]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers
RkJQdWJsaXNoZXIy MTgwMjYzOA==