MLA Guide to Protecting Personal Information

Office of the Saskatchewan Information and Privacy Commissioner. MLA Guide to Protecting Personal Information. Effective April 2018. Updated 9 July 2024. 10 Subsection 24.1(c) of FOIP Subsection 24.1(c) of FOIP indicates that an MLA office should have education programs in place for their employees. In this case, training which addresses the MLA office’s duties under FOIP, the safeguards the office has established, the need-to-know and consequences for violating FOIP is best practice. Further, the IPC has indicated that annual training is also best practice. For more on subsection 24.1(c) of FOIP, see the Guide to FOIP, Chapter 6, “Protection of Privacy” starting at page 116. Information Management Service Providers (IMSP) IMSP is defined in subsection 2(1)(e.1) of FOIP as follows: 2(1) In this Act: … (e.1)“information management service provider” means a person who or body that: (i) processes, stores, archives or destroys records of a government institution containing personal information; or (ii) provides information management or information technology services to a government institution with respect to records of the government institution containing personal information; Any time an MLA office engages an IMSP to provide service, it is necessary to consider section 24.2 of FOIP. This will mainly arise when an MLA office contracts with a technology company to maintain computers or with a company that will destroy files. Subsection 24.2(1) provides: 24.2(1) A government institution may provide personal information to an information management service provider for the purposes of: (a) having the information management service provider process, store, archive or destroy the personal information for the government institution;

RkJQdWJsaXNoZXIy MTgwMjYzOA==