Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 96 Section 23.1: Duty of local authority to protect Duty of local authority to protect 23.1 Subject to the regulations, a local authority shall establish policies and procedures to maintain administrative, technical and physical safeguards that: (a) protect the integrity, accuracy and confidentiality of the personal information in its possession or under its control; (b) protect against any reasonably anticipated: (i) threat or hazard to the security or integrity of the personal information in its possession or under its control; (ii) loss of the personal information in its possession or under its control; or (iii) unauthorized access to or use, disclosure or modification of the personal information in its possession or under its control; and (c) otherwise ensure compliance with this Act by its employees. Privacy breaches happen when personal information is collected, used, or disclosed in ways that do not follow the rules set out in LA FOIP. The media frequently report stories of lost and stolen laptops, hacked and lost databases, identity theft, various kinds of internet fraud and the general misuse of personal information. Most often, these stories involve personal information collected by the private sector.262 However, sometimes, it is personal information collected by local authorities. Section 23.1 of LA FOIP establishes a local authority’s duty to protect personal information. This includes establishing policies and procedures to maintain administrative, technical, and physical safeguards that: • Protect the integrity, accuracy, and confidentiality of personal information (23.1(a)) • Protect against any reasonably anticipated threat or hazard to the security or integrity of personal information (23.1(b)(i)) • Protect against loss of personal information (23.1(b)(ii)) • Protect against unauthorized access to or use, disclosure, or modification of personal information (23.1(b)(iii)) 262 AB IPC resource, Personal Information Protection Act (PIPA), PIPA Advisory #8: Implementing Reasonable Safeguards at p. 1.
RkJQdWJsaXNoZXIy MTgwMjYzOA==