Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 293 Personal information, however, is only one form of information that may require special measures. The local authority may maintain records that are sensitive for other reasons. Consider, for example, law enforcement records that form part of an active investigation. The disclosure of this information may impede an investigation. Another example is location information for species at risk. The disclosure of this information could result in harm to an endangered species. To effectively protect sensitive information, the local authority must know where that information is held, who may access it and under what circumstances. You can start by developing sensitivity classifications for your records and assign appropriate safeguards for each sensitivity level. When implementing RIM practices and policies, it is essential to develop accompanying safeguard requirements. Records that contain personal information require several security controls. LA FOIP requires that local authorities have administrative, technical, and physical safeguards in place to protect personal information (see Section 23.1, earlier in this Chapter). In addition to safeguards, consider data minimization and need-to-know at all stages of sensitive information handling (see Need-to-Know Principle and Data Minimization Principle earlier in this Chapter. For more on this best practice see SK OIPC resource, Improving Access and Privacy with Records and Information Management. 3. Design with access and privacy in mind When local authorities implement or plan to implement new information systems or technologies, it is essential that these tools be capable of functions that support access and privacy obligations under LA FOIP. When a system is not capable of simple extraction, the costs associated with an access or correction request may ultimately come at the expense of the local authority. Likewise, the lack of extraction capability could prevent the appropriate destruction or archiving of records, leading to potential privacy and access issues. Consult with access and privacy staff, records management, legal and information technology staff before implementing a new system. The following may be taken into consideration when implementing a new system or technology:
RkJQdWJsaXNoZXIy MTgwMjYzOA==