Office of the Saskatchewan Information and Privacy Commissioner. MLA Guide to Protecting Personal Information. Effective April 2018. Updated 9 July 2024. 12 It is a best practice to develop a records classification or records keeping system for MLA offices to ensure that all of the personal information that has been collected is accounted for. Once a record classification is in place, it is also important to have a record destruction schedule in place. The longer personal information is kept, the longer there is a risk of a privacy breach. MLA offices may consider destroying personal information of citizens as soon as it is no longer required for the purpose for which it has been collected. MLA offices may need to keep employee personal information longer than personal information of a citizen. It is also best practice to have a copy of a record destruction schedule available for interested citizens. Once a record destruction schedule is in place, MLA offices must take care to dispose of personal information in a secure manner. It is not best practice to simply throw it in the trash as a privacy breach may result. There are a number of commonly accepted ways for MLA offices to properly dispose of personal information depending on the form in which it is being stored. The goal is to irreversibly destroy the media, which contains personal information so that this information cannot be reconstructed or recovered in any way. When going through the process of disposal, an MLA office should also destroy all associated copies and backup files. In instances where an MLA is planning a move, or is closing the constituency office, personal information should be securely transferred or safely disposed of. MLA offices should obtain written consent from the individual before transferring the records to another MLA, which would constitute a disclosure of personal information. What is Required to Obtain the Consent to Collect, Use and Disclose Personal Information? Section 18 of the FOIP Regulations describes the standard of consent when consent is required for the collection, use and disclosure of personal information. Section 18 of the FOIP Regulations provides: 18(1) If consent is required by the Act for the collection, use or disclosure of personal information, the consent: (a) must relate to the purpose for which the information is required; (b) must be informed;
RkJQdWJsaXNoZXIy MTgwMjYzOA==