8 Office of the Saskatchewan Information and Privacy Commissioner. Guide to Faxing: Preventing Breaches with Safeguards and Responding to a Privacy Breach. 5 Feb. 2026. While it may be a one-off occurrence because of sender error, there are times when the same public body or trustee may continually send faxes to the same unintended recipient – this may speak to a larger systematic issue that the public body or trustee is either not aware of or has not taken steps to address.6 If you receive a misdirected fax, the first thing you should do is review the fax cover page or header information for contact information. Contact the public body or trustee to determine who their privacy officer is. Let the privacy officer know details about what you received and ask how they will manage the breach. Options include: the public body or trustee can send someone to pick up the misdirected fax, or they may ask you to securely destroy it. If you are asked to securely destroy the information, you should confirm with the public body or trustee that you have done so and how. If you are able, you could also hand deliver the fax to ensure it ends up in the right hands. As an unintended recipient if you do not assist in containment, you may be exacerbating the breach. If the public body or trustee does not take steps to contain the breach, at that point, you may contact the OIPC for guidance. If You are a Public Body or Trustee A public body or trustee should consider proactively reporting a privacy breach by misdirected fax to OIPC that it was responsible for a variety reasons. It may reduce the chance that OIPC will issue a public investigation report on the matter as provides OIPC with an opportunity to provide support and guidance to the public body or trustee at early stages. Doing so also allows the public body or trustee to assure affected individuals or media that OIPC is engaged. When OIPC investigates a privacy breach that is proactively reported where a breach is confirmed, there are three possible outcomes: • If OIPC is satisfied with how the public body or trustee managed the breach, then the file may be closed informally, and no public investigation report is issued. • If OIPC is not satisfied with how the public body or trustee managed the breach, if the breach is egregious, if there are systematic issues, if there is a significant number of affected individuals, or if there is educational value in doing so, OIPC will issue a public investigation report. • If there are affected individuals who make a formal complaint, OIPC will advise the public body or trustee that a public investigation report will be issued. If a complainant comes forward, OIPC will typically open a file and advise the public body or trustee accordingly. 6 OIPC Investigation Report 032-2022 at paragraphs [37] and [38].
RkJQdWJsaXNoZXIy MTgwMjYzOA==