Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 125 Section 23.2: Information Management Service Provider Information management service provider 23.2(1) A local authority may provide personal information to an information management service provider for the purposes of: (a) having the information management service provider process, store, archive or destroy the personal information for the local authority; (b) enabling the information management service provider to provide the local authority with information management or information technology services; (c) having the information management service provider take possession or control of the personal information; (d) combining records containing personal information; or (e) providing consulting services. (2) Before disclosing personal information to an information management service provider, a local authority shall enter into a written agreement with the information management service provider that: (a) governs the access to and use, disclosure, storage, archiving, modification and destruction of the personal information; (b) provides for the protection of the personal information; and (c) meets the requirements of this Act and the regulations. (3) An information management service provider shall not obtain access to, use, disclose, process, store, archive, modify or destroy personal information received from a local authority except for the purposes set out in subsection (1). (4) An information management service provider shall comply with the terms and conditions of the agreement entered into pursuant to subsection (2). Section 23.2 of LA FOIP provides authority to a local authority to disclose personal information to an information management service provider for specific purposes outlined in the provision. An example of such a service is Crown Shred & Recycling which is a company utilized by many government institutions for record destruction services. Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8.
RkJQdWJsaXNoZXIy MTgwMjYzOA==