Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 236 Despite every effort, privacy breaches may still occur. The following are the recommended steps to take when a local authority discovers a breach of privacy has occurred. These best practice steps and additional detail can be found in OIPC resource, Privacy Breach Guidelines for Government Institutions and Local Authorities. Best Practice Steps for Breaches If you have discovered a privacy breach at your organization, contact your organization’s Privacy Officer immediately. Record all pertinent information related to the discovery of the breach. If the Commissioner becomes involved, the focus will be on whether the local authority handled the breach sufficiently in accordance with the four best practice steps outlined in this section. If the Commissioner issues an Investigation Report, it will address each of these four best practice steps outlined below and how the local authority addressed each step. For more on the Commissioner’s procedures when investigating a privacy breach see, The Rules of Procedure at Part 4. If you have been tasked with dealing with the privacy breach, consider the following four best practice steps: • Contain the breach • Notify affected individuals. • Investigate the breach. • Prevent future breaches. Contain the breach It is important to contain the breach immediately. In other words, ensure that personal information is no longer at risk. This may involve: • Stopping the unauthorized practice. • Recovering the records. • Shutting down the system that was breached. • Revoking access to personal information. • Correcting weaknesses in physical security.
RkJQdWJsaXNoZXIy MTgwMjYzOA==