Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 294 • Conduct a privacy impact assessment to determine whether the risks outweigh the benefits and if all access and privacy legislation is being met. See Privacy Impact Assessments (PIAs) earlier in this Chapter. • Determine if the system is compliant with your jurisdictional RIM requirements. • Determine goals and objectives of the system or technology. Determine what needs to be collected to reach the desired outcome. • Determine the structure and format of the data. For example, structured or unstructured fields. • Determine if training will need to be done. Will the vendor demonstrate to the staff, or will simple on-site training be done. • Following implementation, test the system. Are all access and privacy expectations being met. • Determine when updates and maintenance should be completed. For more on this best practice see SK OIPC resource, Improving Access and Privacy with Records and Information Management. IPC Findings In Review Report 035-2018, the Commissioner reviewed a denial of access by the Rural Municipality of Manitou Lake #442 (RM). An applicant requested access to all incoming and outgoing emails to the RM for the previous 18 months. The RM provided some emails to the applicant but also that some emails could not be located. The applicant requested a review by the Commissioner of the RM’s search efforts. Upon review, the Commissioner determined that the RM’s administrative assistant experienced resistance from a councillor when they were requested to provide copies of emails. As a result of the issues with the RM, the Commissioner recommended the RM create records management policies where councillors must promptly save emails that relate to RM business into a central records management system. Records, such as emails, related to RM business should be accessible to employees of the local authority to complete their duties under LA FOIP. 4. Designate staff as records management personnel In large offices where many staff perform a variety of functions, it can be challenging to determine who is responsible for individual records. This challenge may grow over time, as staff change positions or leave the organization. This can become especially problematic
RkJQdWJsaXNoZXIy MTgwMjYzOA==