MLA Guide to Protecting Personal Information

Office of the Saskatchewan Information and Privacy Commissioner. MLA Guide to Protecting Personal Information. Effective April 2018. Updated 9 July 2024. 5 MLA offices may disclose personal information in three circumstances: 1) If it has the consent of the subject individual. See the section on consent below. 2) For the purpose it was collected or a use consistent with that purpose. As mentioned in the section on the collection of personal information, MLA offices must have identified an authorized purpose for collecting personal information before it is collected. (See subsection 29(2)(a) of FOIP.) 3) In circumstances described in subsections 29(2), section 30 of FOIP or the FOIP Regulations. Disclosure of personal information for any other purpose may be an unauthorized disclosure. Sharing personal information between different MLA offices or with a Ministers’ office would constitute a disclosure of personal information and must be authorized by the individual’s consent, sections 29 or 30 of FOIP or the FOIP Regulations. For more on disclosure and what FOIP requires in this regard, see the Guide to FOIP, Chapter 6, “Protection of Privacy” starting at page 184. What should I do if there has been an Unauthorized Collection, Use or Disclosure of Personal Information? An unauthorized collection, use or disclosure of personal information is a privacy breach. For more information on how to investigate a privacy breach, see the Office of the Information and Privacy Commissioner’s (IPC) resource: Privacy Breach Guidelines for Government Institutions and Local Authorities. In instances where there is an unauthorized use or disclosure in an MLA office, there may be an obligation to report that unauthorized use or disclosure to the person (affected individual) whose personal information was used or disclosed. Section 29.1 of FOIP provides as follows: 29.1 A government institution shall take all reasonable steps to notify an individual of an unauthorized use or disclosure of that individual’s personal information by the government institution if it is reasonable in the circumstances to believe that the incident creates a real risk of significant harm to the individual.

RkJQdWJsaXNoZXIy MTgwMjYzOA==