Guide to LA FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 100 • Individual access to and correction of personal information • Consent275 Written procedures should address collection, use and disclosure practices.276 4. Agreements Enter into agreements before sharing any personal information with a third party. Agreements protect employees and the organization by establishing the terms and conditions of providing personal information that it may receive from or share with others, including centralized databases and other local authorities. Agreements can also establish accountability between the local authority and electronic service providers, including network providers.277 If an information manager (computer support person, off-site storage company, etc.), has access to personal information, a written agreement should be in place whereby the information manager agrees to ensure confidentiality and limit access to the records.278 Where contracted services are used for storage, transportation, or destruction of records, including security provisions in the service contract, local authorities should require the contractors to provide a certificate of destruction.279 Local authorities should enforce contractual privacy provisions. A local authority’s responsibilities do not end after signing a contract with an agent (i.e., contractor or 275 Adapted from SK OIPC Investigation Report H-2011-001 at [135]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8. 276 SK OIPC Investigation Report H-2011-001 at [136]. 277 Adapted from SK OIPC Investigation Report H-2011-001 at [142]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8. 278 Adapted from SK OIPC Investigation Report H-2011-001 at [143]. Originates from College of Physicians and Surgeons of Saskatchewan, Checklist for Compliance with HIPA at p. 2. 279 British Columbia Government Services, FOIPPA Policy and Procedures Manual, Section 30 – Protection of personal information, available at https://www2.gov.bc.ca/gov/content/governments/services-for-government/policiesprocedures/foippa-manual/protection-personal-information#Unauthorized_access. Accessed June 11, 2020.

RkJQdWJsaXNoZXIy MTgwMjYzOA==