Guide to LA FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 113 Correctional Centre left an inmate file on a unit’s food cart and as a result, inmates were able to view the file and remove portions of the contents of the inmate’s file. Further, after viewing the file contents, two inmates assaulted and killed another inmate. The Commissioner made several recommendations including that the Ministry of Corrections and Policing amend its Code of Professional Conduct to reflect the duty to protect personal information under the equivalent provision in The Freedom of Information and Protection of Privacy Act (FOIP). The Commissioner also recommended it amend its Oath or Declaration of Office to include an employee’s duty to protect personal information pursuant to section 24.1 of FOIP. In Investigation Report 200-2018, the Commissioner investigated a breach of privacy involving the Saskatchewan Legal Aid Commission (SLAC). The SLAC had left its doors unlocked and wide open overnight. The Commissioner found that SLAC did not have appropriate safeguards in place to protect personal information and personal health information. This was partly since the SLAC did not have records stored in locked cabinets or locked offices at the end of the day even though cleaning staff had access to the space on a regular basis. Ultimately, it was cleaning staff that left the doors unlocked and wide open leaving the unsecured records accessible to anyone who wished to enter. Despite having a policy encouraging a clean desk, it falls short if records are not put away in locked cabinets. As such, the Commissioner found that the SLAC’s practices did not go far enough to meet its obligations to protect under the equivalent provision in The Freedom of Information and Protection of Privacy Act (FOIP). The Commissioner recommended that SLAC develop and implement appropriate safeguards to protect personal information and personal health information as required by section 24.1 of FOIP and section 16 of The Health Information Protection Act. The Commissioner indicated that this should include the use of physical safeguards, such as storing records containing personal information and personal health information in offices with locked doors or locked filing cabinets to prevent unauthorized access to these records.

RkJQdWJsaXNoZXIy MTgwMjYzOA==