Guide to LA FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 112 and environmental hazards. Examples include locked filing cabinets, offices and storage rooms, alarm systems and clean desk approaches.306 Physical safeguards generally include physical standards.307 They monitor and control the work environment. Most of these can be incorporated into every employee’s work routine. Examples of physical safeguards include: • Storing personal information in locked filing cabinets, offices, and buildings, with controls over distribution of the keys or lock combinations. • Storing personal information in secure areas where access is limited or restricted. • Logging out of or locking computers when stepping away from the work area. • Ensuring that local authority assets, such as laptop computers, are secured when they are out of the office and are encrypted (e.g., not left in vehicles). • Not leaving documents containing personal information on printers or fax machines. • Always using a cover sheet when faxing personal information. • Calling before sending a fax to make sure the intended recipient can retrieve it. • Making sure the right email address has been entered prior to sending an email. • Encrypting emails containing personal information prior to sending. • When replying to long email threads remove any recipients who no longer need to be involved before replying. • Limiting the amount of personal information provided in emails to that which is necessary (e.g., if everyone you are emailing knows the name of the individual being discussed, do not include the individual’s name in the email). • Shredding any documents containing personal information prior to disposal. • Labeling files containing personal information as a reminder to store them securely. • Card access systems, video surveillance and security guards.308 IPC Findings In Investigation Report 271-2017, the Commissioner investigated a privacy breach involving the Ministry of Corrections and Policing. A Corrections Officer with the Saskatoon 306 SK OIPC resource, Helpful Tips: Mobile Device Security at p. 2. 307 Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 134. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 18, 2020. 308 Government of Newfoundland and Labrador, ATIPP Office, Department of Justice and Public Safety, Protection of Privacy Policy and Procedures Manual, June 2015, at pp. 73 and 74.

RkJQdWJsaXNoZXIy MTgwMjYzOA==