Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 101 information management service provider). Rather, local authorities should monitor whether their agents are meeting the privacy requirements in their contracts. Effective monitoring entails setting dates for agents to report on their compliance, visiting agents’ sites to evaluate privacy protection, meeting with agents regularly to discuss how current procedures are working and develop ways to remedy any issues and notifying agents of any changes in the local authority’s own information practices that agents will be asked to adopt.280 All privacy requirements in a local authority’s contracts with its agents should be strictly enforced. If agents refuse or fail to resolve discovered problems, court action or ending the contract may be the local authority’s only options.281 5. A privacy awareness and education program Local authorities should provide all staff with practical, accessible, concrete, and granular information about what they must do to comply with LA FOIP in the course of collection, use and disclosure of personal information. Four predictable problem areas are security, access, consent, and disclosure.282 6. Consent and communication with individuals The best way of communicating information about privacy policies and procedures is by posting the organization’s privacy policy or notice online or by providing a handout.283 Local authorities should identify the consent requirements under LA FOIP for any activities that involve personal information. Consent means informed voluntary agreement by the individual with what is being done or proposed, given explicitly, either orally or in writing. Express consent is unequivocal and does 280 SK OIPC Investigation Report H-2011-001 at [164]. Originates from The Personal Health Information Protection Act - Implementing Best Privacy Practices, Scott, Graham. et al., LexisNexis Butterworths: Ontario, 2005, at p. 97. 281 SK OIPC Investigation Report H-2011-001 at [164]. Originates from The Personal Health Information Protection Act - Implementing Best Privacy Practices, Scott, Graham. et al., LexisNexis Butterworths: Ontario, 2005, at p. 97. 282 SK OIPC Investigation Report H-2011-001 at [149]. 283 SK OIPC Investigation Report H-2011-001 at [156]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8.
RkJQdWJsaXNoZXIy MTgwMjYzOA==