Guide to LA FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023.

• Disclosure of information – e.g., unauthorized verbal disclosure, leaving information displayed on a monitor, electronic interception of information travelling over a transmission line, such as a fax machine or cellular phone, faxing information to the wrong fax number.
• Service interruption – e.g., power failure, labour dispute, denial of service attack on an Internet server.
• Modification of data – e.g., malicious code, forgery, addition of data to a record.
• Accidental or deliberate loss of data – e.g., physical damage to hardware, willful destruction of recorded information, information destroyed in a flood or fire.
• Misuse of information – e.g., transfer of or sale of personal information in contravention of LA FOIP.
• Information not being available – e.g., records that are misdirected or misfiled, or that are destroyed in a manner that is not in accordance with approved records retention and disposition schedules or policies.322

Local authorities should determine the likelihood (low, medium, or high) of each or any of the above threats occurring. Identify the potential consequences and rate the seriousness (less serious, serious, or very serious) of the events if they were to occur.323

In considering reasonably anticipated threats or hazards, it is exceedingly unlikely that a local authority will be in compliance with subsection 23.1(b)(i) of LA FOIP if it does not have:

• A specifically tasked privacy officer with a clear mandate and appropriate training.
• Extensive training of staff in LA FOIP requirements and provisions.
• Comprehensive, clear and practical written policies and procedures that are reinforced through leadership and training of staff.
• Written contracts with information management service providers (IMSPs) that specifically address the requirements of section 23.1 of LA FOIP.
• Audit of use and disclosures of personal information.
• Effective enforcement action to follow any breach.324

322 Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 318. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 23, 2020.
323 Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 318. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 23, 2020.
324 Adapted from SK OIPC Investigation Report H-2011-001 at [92].
