Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 243 Analyze your cause-and-effect process and identify the changes that are needed. It is also important that you plan ahead to predict the effects of your solution. This way, you can spot potential failures before they happen. Prevent The most important part of responding to a privacy breach is to implement measures to prevent future breaches from occurring. • What steps can be taken to prevent a similar privacy breach. o Can your organization create or make changes to policies and procedures relevant to this privacy breach. o Are additional safeguards needed. o Is additional training needed. o Should a practice be stopped. How IPC Investigations are Initiated The IPC can learn of a privacy breach and begin an investigation in several different ways. Some of them include: • A citizen comes to the IPC with a complaint about a local authority’s actions or practices. • A third party in possession of personal information could notify the IPC. • Employees of a local authority inform the IPC of inappropriate practices within the organization. • The IPC acts on media reports. • The local authority proactively reports a breach to the IPC. The next section details the process when a local authority proactively reports a breach to the IPC. Process for Proactively Reported Breaches Local authorities should consider proactively reporting privacy breaches to the IPC. This means that when a local authority learns of a breach, it reports it to the IPC. While not mandatory, the IPC does encourage local authorities to proactively report.
RkJQdWJsaXNoZXIy MTgwMjYzOA==