Guide to LA FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023.

Develop written policies. The primary objectives of privacy and security policies are to:

• Prevent and detect malicious activities from occurring
• Assist in understanding potential security exposures and risk
• Educate, communicate, and promote security responsibilities to all stakeholders
• Comply with legislative, privacy and contractual requirements
• Identify consequences of security policy violations

If there is no documented policy, it will be difficult to communicate privacy and security practices to individuals, the public and external stakeholders, or partners. On the other hand, with a written policy in place, you are clearly demonstrating that you have done your due diligence with respect to privacy and security. This is crucial if your practice is ever subject to a privacy audit, complaint, privacy breach or security incident.273

Every local authority should have a privacy policy that addresses the following:

• Accountability for personal information
• Purpose for collecting personal information
• Consent for collecting, using, and disclosing personal information
• Accuracy and correction of personal information
• Retention and destruction of personal information
• Privacy breach management
• Use and disclosure audits
• Use and disclosure control
• Individual access to information
• Privacy complaint management
• Enforcement mechanisms274

3. Privacy procedures

Establish privacy procedures to serve as an extension of the privacy policy. Procedures should provide staff with consistent steps for managing:

• Complaints, breaches of privacy and security incidents

273 SK OIPC Investigation Report H-2011-001 at [115]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 9.
274 Adapted from SK OIPC Investigation Report H-2011-001 at [116].
