Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 143 Local authorities should undertake a regular review of their collection instruments to determine which ones require the inclusion of collection notices. Collection notices should be included on all print and electronic forms used to collect personal information directly.399 IPC Findings In Investigation Report F-2012-001, the Commissioner considered the over collection of a customer’s personal information by Saskatchewan Telecommunications (SaskTel) as part of its identity verification process. The Commissioner found that SaskTel did not have authority to collect the Saskatchewan Health Services Number. Secondly, SaskTel did not provide a satisfactory explanation as to why it needed to collect other unique identifiers over the telephone since it could not verify the accuracy of same. Thirdly, the Commissioner found that SaskTel was collecting third party personal information without authority. Further, the Commissioner found that SaskTel was not meeting the notice requirements of subsection 26(2) of The Freedom of Information and Protection of Privacy Act (FOIP) – equivalent to subsection 25(2) of LA FOIP. It’s notification on its website was too vague to be particularly informative to customers as it made no mention of the options to provide alternative information instead of unique identifiers and other sensitive personal information. The Commissioner recommended that SaskTel conduct a privacy impact assessment, revise its privacy policy and prepare a script to ensure that its customers understand what is optional when providing proof of identity. The Commissioner further recommended that SaskTel purge its systems of all personal information and personal health information of its customers and third parties that it collected without the requisite authority within 60 days. Subsection 25(3): Exception to Informing Manner of collection 25(3) Subsections (1) and (2) do not apply where compliance with them might result in the collection of inaccurate information or defeat the purpose or prejudice the use for which the information is collected. Subsection 25(3) of LA FOIP provides that subsections (1) and (2) do not apply where compliance with them might result in “the collection of inaccurate information or defeat the purpose or prejudice the use for which the information is collected.” 399 Service Alberta, FOIP Guidelines and Practices: 2009 Edition, Chapter 7, p 250
RkJQdWJsaXNoZXIy MTgwMjYzOA==