MLA Guide to Protecting Personal Information

Office of the Saskatchewan Information and Privacy Commissioner. MLA Guide to Protecting Personal Information. Effective April 2018. Updated 9 July 2024.

Section 24.1 of FOIP provides:

24.1 Subject to the regulations, a government institution shall establish policies and procedures to maintain administrative, technical and physical safeguards that:
  (a) protect the integrity, accuracy and confidentiality of the personal information in its possession or under its control;
  (b) protect against any reasonably anticipated:
    (i) threat or hazard to the security or integrity of the personal information in its possession or under its control;
    (ii) loss of the personal information in its possession or under its control; or
    (iii) unauthorized access to or use, disclosure or modification of the personal information in its possession or under its control; and
  (c) otherwise ensure compliance with this Act by its employees.

Administrative safeguards are controls that focus on internal organizations, policies, procedures and maintenance of security measures that protect personal information. Examples include written policies and procedures, annual training for employees, confidentiality agreements, agreements with information management service providers (IMSP), auditing programs, records retention and destruction schedules and access restrictions.

Technical Safeguards are the technology and the policy and procedures for its use that protect personal information and control access to it. Examples include separate user identifications, passwords, firewalls, identification and authentication controls, virus scanners and audit capabilities in digital systems.

Physical Safeguards are physical measures, policies, and procedures to protect personal information and related buildings and equipment, from unauthorized intrusion and natural and environmental hazards. Examples include locked filing cabinets, offices and storage rooms, alarm systems and clean desk approaches.
Note that personal information in the possession or control of MLA offices can exist in different types of records such as:

• Hard copy: physical representations of data, such as paper. This includes, among other things, notes, memos, messages, correspondence, transaction records and reports.
