Guide to LA FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 234 SK OIPC Blogs: Real Risk of Significant Harm Notifying affected individuals: what should I put in the letter? SK OIPC Resources: Privacy Breach Guidelines for Government Institutions and Local Authorities IPC Findings In Investigation Report 092-2022, Living Sky School Division proactively reported a breach of privacy incident to the Commissioner. The privacy breach occurred when a backpack was stolen from a privacy officer’s vehicle. The backpack contained a file that had an employee’s personal information in it including employment history. During the investigation by the Commissioner, it was discovered that notice of the breach was not provided by Living Sky School Division to the employee. The Commissioner determined that based on the circumstances of the case a real risk of significant harm to the employee existed and as such, Living Sky School Division should provide notice of the breach to the employee within 30 days of the issuance of the Commissioner’s Report. Privacy Breaches A privacy breach occurs where there is an unauthorized collection, use and/or disclosure of personal information. There are also other ways a privacy breach can occur. The following is a summary of some of the causes: Collection: A privacy breach could occur if a local authority collects personal information without authority under LA FOIP. The rules for collection are found in sections 24 and 25 of LA FOIP. Non-compliance with these sections is considered a breach of privacy. Use: A privacy breach could occur when personal information, already in the possession or control of the local authority, is used without authority under LA FOIP. The rules for use are found in section 27 of LA FOIP. Non-compliance with this section is considered a breach of privacy.

RkJQdWJsaXNoZXIy MTgwMjYzOA==