Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 244 To assist local authorities, the IPC has developed a reporting form to proactively report a privacy breach to the IPC: Proactively Reported Breach of Privacy Reporting Form for Public Bodies. Local authorities should complete this form and submit it to intake@oipc.sk.ca. Advantages of proactively reporting of proactively reporting include: • May reduce the need for the IPC to issue a public report on the matter. • Receive timely, expert advice from the IPC - the IPC can help guide the local authority on what to consider, what questions to ask, and what parts of LA FOIP or The Local Authority Freedom of Information and Protection of Privacy Regulations may be applicable. • Should the media contact the local authority, the local authority can advise it has notified the IPC of the privacy breach and will seek assistance from the IPC with handling it. • Should affected individuals contact the IPC, the IPC can assure the individuals that the IPC is aware of the breach which may prevent a formal complaint to the IPC. When a local authority proactively reports a privacy breach to the IPC, a file will be opened. The local authority will be asked to complete and provide the IPC’s Privacy Breach Investigation Questionnaire (Questionnaire) and any other relevant material within 30 days. The Questionnaire takes local authorities through the four best practice steps of responding to a breach (containment, notification, investigation and prevention of future breaches). The completed Questionnaire should provide the IPC with what is required to conduct an investigation. If further information is required, the IPC will advise. Once the IPC receives the relevant material, it will review the file and make a decision. The possible outcomes are as follows: • If the Commissioner is satisfied with the local authority’s overall response to the breach, the file will be closed informally without a public report. This process may include some informal recommendations from the IPC. • If the breach is egregious or it involves a large number of affected individuals, the Commissioner may determine that a report will be issued.
RkJQdWJsaXNoZXIy MTgwMjYzOA==