Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 286 Privacy Impact Assessments (PIAs) A Privacy Impact Assessment (PIA) is a diagnostic tool designed to help organizations assess their compliance with the privacy requirements in Saskatchewan legislation.722 One purpose of LA FOIP is to protect individuals against unauthorized collection, use and/or disclosure of their personal information in the possession or control of local authorities. An aspect of this duty to protect, is the duty to protect against any “reasonably anticipated” breaches of personal information (see Section 23.1 earlier in this Chapter). A privacy impact assessment process is one tool that can help accomplish this.723 Privacy impact is where there are inadequate safeguards to protect personal information, or the legislation does not authorize collection, use, and/or disclosure of personal information.724 What is a Privacy Impact Assessment (PIA)? A PIA is a process that assists organizations in assessing whether a project, program or process complies with the applicable access and privacy legislation. In Saskatchewan, local authorities are subject to LA FOIP. LA FOIP sets out rules as to how personal information is to be collected, used and/or disclosed. When a project, program or process is being designed, a PIA should be used to identify areas where there may be a privacy impact or risk.725 A PIA is NOT: • A security assessment or a threat/risk assessment. • A strategic planning exercise. • An approval process. • A privacy audit. 722 SK OIPC Investigation Report F-2013-001 at [131]. 723 Adapted from Government of Manitoba, FIPPA for Public Bodies – Resource Manual, Chapter 6, Protection of Privacy at p. 6-247. Available at Chapter (gov.mb.ca). Accessed December 17, 2022. 724 SK OIPC resource Privacy Impact Assessment: A Guidance Document at p. 2. Available at Privacy Impact Assessment (oipc.sk.ca). Accessed December 17, 2022. 725 SK OIPC resource Privacy Impact Assessment: A Guidance Document at p. 2. Available at Privacy Impact Assessment (oipc.sk.ca). Accessed December 17, 2022.
RkJQdWJsaXNoZXIy MTgwMjYzOA==