Guide to LA FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023.

• Personal information should not be lying around on a desk in a room where those without a need-to-know frequent.
• When file cabinets and rooms should be locked and who should have access.
• Personal information is subject to access to information requests and should be in a filing system where it is easily retrievable if required to do so.
• The training programs to make employees aware of these policies and procedures as well as LA FOIP in general.[287]

A privacy policy cannot, by itself, protect personal information held by an organization. Privacy policies that are not reflected in actual practice through strong implementation, training, and auditing will fail to safeguard personal information against privacy risks. But if we return to the true meaning of “policy,” we will be reminded that it was always intended to be rooted in action. The Concise Oxford Dictionary defines policy as: “a course, or general plan of action adopted or proposed…”[288]

Technical

Technical safeguards mean the technology and the policy and procedures for its use to protect personal information and control access to it. Examples of technical safeguards include separate user identifications, passwords, firewalls, identification and authentication controls, virus scanners and audit capabilities in digital systems.[289]

Technical safeguards generally include technical security services and mechanisms.[290] General features of technical safeguards can include the following:

• Firewalls
• Encrypted transmissions with VPN technology
• Use of private keys to decrypt files

[287] SK OIPC Investigation Report LA-2013-003 at [82]. See also Investigation Report 200-2018 at [32].
[288] ON IPC resource, A Policy is Not Enough: It Must be Reflected in Concrete Practices, September 2012 at p. 1. Available at https://www.ipc.on.ca/resource/a-policy-is-not-enough-it-must-be-reflected-inconcrete-practices/.
[289] SK OIPC resource, Helpful Tips: Mobile Device Security at p. 2.
[290] Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 134. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 18, 2020.
