Office of the Information and Privacy Commissioner. Guide to LA FOIP, CHAPTER 2, Administration of LA FOIP. Updated 2 March 2023.

what is required to conduct an investigation. If further information is required, the IPC will advise.

Upon receipt, the focus of the IPC is on whether the local authority appropriately handled the breach. This is based on whether the local authority adequately addressed each of the four best practices recommended by the IPC. The four best practices include:

1. Contain the breach
2. Notify affected individuals and/or appropriate organizations
3. Investigate the breach
4. Prevent future breaches [19]

Once the IPC receives the relevant material, it will review the file and make a decision. The possible outcomes are as follows:

• If the Commissioner is satisfied with the local authority’s overall response to the breach, the file will be closed informally without a public report. This process may include some informal recommendations from the IPC.
• If the breach is egregious or it involves a large number of affected individuals, the Commissioner may determine that a report will be issued.
• If an affected individual makes a formal complaint, the Commissioner may determine that a report will be issued.
• If the Commissioner is not satisfied with the local authority’s response or handling of the breach, the IPC will issue a report.

Once the IPC has made a decision, the local authority will be advised if a report will be issued or not. The local authority will also be notified if an affected individual makes a formal complaint, which may also result in a public report. [20]

If you have questions or need further guidance, contact the SK OIPC at intake@oipc.sk.ca.

[19] SK OIPC Resource, Privacy Breach Guidelines for Government Institutions and Local Authorities at pp. 6 to 9.
[20] For more, see SK OIPC resource, Privacy Breach Guidelines for Government Institutions and Local Authorities. Available at Privacy Breach Guidelines (oipc.sk.ca).