Guide to LA FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 124 • Are provided privacy training. Comply with means to act in accordance with or fulfil the requirements.345 If there is no documented policy, it will be difficult to communicate privacy and security practices to staff. On the other hand, with a written policy in place, a local authority is clearly demonstrating that it has done its due diligence with respect to privacy and security. This is crucial if the local authority’s practices are ever subject to a privacy audit, complaint, privacy breach or security incident.346 Every local authority should have a privacy policy that addresses the following: • Accountability for personal information. • Purpose for collecting personal information. • Consent for collecting, using, and disclosing personal information. • Accuracy and correction of personal information. • Retention and destruction of personal information. • Privacy breach management. • Use and disclosure audits. • Use and disclosure control. • Individual access to information. • Privacy complaint management. • Enforcement mechanisms.347 It should also have privacy procedures that provide staff with consistent steps for managing: • Complaints, breaches of privacy and security incidents. • Individual access to and correction of personal information. • Consent.348 345 British Columbia Government Services, FOIPPA Policy Definitions at https://www2.gov.bc.ca/gov/content/governments/services-for-government/policiesprocedures/foippa-manual/policy-definitions. Accessed April 23, 2020. 346 SK OIPC Investigation Report H-2011-001 at [115]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 9. 347 Adapted from SK OIPC Investigation Report H-2011-001 at [116]. 348 Adapted from SK OIPC Investigation Report H-2011-001 at [135]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers

RkJQdWJsaXNoZXIy MTgwMjYzOA==