Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 233 Reasonable in the circumstances - whether something is reasonable is a subjective assessment which means fair, proper, just, moderate, suitable under the circumstances, rational, governed by reason, not immoderate or excessive, the standard which one must observe to avoid liability for negligence, including foreseeable harms.615 Real risk of significant harm may, among other things, include bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.616 Significant means noteworthy, important, and consequential.617 When assessing whether there is a “real risk of significant harm”, the local authority can consider the following factors: • Who obtained or could have obtained access to the information? • Is there a security measure in place to prevent unauthorized access, such as encryption? • Is the information highly sensitive? • How long was the information exposed? • Is there evidence of malicious intent or purpose associated with the breach, such as theft, hacking, or malware? • Could the information be used for criminal purposes, such as for identity theft or fraud? • Was the information recovered? • How many individuals are affected by the breach? • Are there vulnerable individuals involved, such as youth or seniors?618 For more on this topic, see the following: 615 British Columbia Government Services, FOIPPA Policy Definitions at https://www2.gov.bc.ca/gov/content/governments/services-for-government/policiesprocedures/foippa-manual/policy-definitions. Accessed December 15, 2022. 616 SK OIPC Rules of Procedure at p. 7. 617 British Columbia Government Services, FOIPPA Policy Definitions at https://www2.gov.bc.ca/gov/content/governments/services-for-government/policiesprocedures/foippa-manual/policy-definitions. Accessed April 23, 2020. 618 SK OIPC resource, Privacy Breach Guidelines for Government Institutions and Local Authorities at p. 5, available at Privacy Breach Guidelines (oipc.sk.ca) and SK OIPC Blog: Real Risk of Significant Harm, January 2, 2018. Available at Real Risk of Significant Harm | IPC (oipc.sk.ca). Accessed December 16, 2022.
RkJQdWJsaXNoZXIy MTgwMjYzOA==