Guide to LA FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 232

reason, not immoderate or excessive, the standard which one must observe to avoid liability for negligence, including foreseeable harms.611

Notify means to inform affected individual(s). For this provision, notification can occur quickly by telephone or in-person so the individual(s) can take immediate steps to protect themselves (e.g., change passwords, contact financial institutions, etc.) but should be followed up with notification in writing.

Even where section 28.1 of LA FOIP does not apply, unless there is a compelling reason not to, local authorities should always notify affected individuals of a privacy breach.612 Affected individuals are in the best position to determine how a privacy breach will affect them.613

Notification to affected individuals should include the following information:

• A description of the breach (a general description of what happened).
• A detailed description of the personal information involved (e.g., name, credit card numbers, medical records, financial information, etc.).
• A description of possible types of harm that may come to them because of the privacy breach.
• Steps taken and planned to mitigate the harm and to prevent future breaches.
• If necessary, advice on actions the individual can take to further mitigate the risk of harm and protect themselves (e.g., how to contact credit reporting agencies).
• Contact information of an individual within your organization who can answer questions and provide further information.
• A notice that individuals have a right to complain to the IPC (provide contact information).
• Recognition of the impacts of the breach on affected individuals and an apology.614

Unauthorized use or disclosure is one that does not comply with Part IV of LA FOIP. Part IV of LA FOIP contains the privacy provisions related to a local authority’s handling of personal information of individuals.

611 British Columbia Government Services, FOIPPA Policy Definitions at https://www2.gov.bc.ca/gov/content/governments/services-for-government/policiesprocedures/foippa-manual/policy-definitions. Accessed December 15, 2022.
612 SK OIPC Investigation Report 088-2022 at [23].
613 SK OIPC Investigation Report 370-2021 at [19].
614 SK OIPC resource, Privacy Breach Guidelines for Government Institutions and Local Authorities at p. 6, available at Privacy Breach Guidelines (oipc.sk.ca). Accessed December 16, 2022.
