Office of the Saskatchewan Information and Privacy Commissioner. Privacy Protective Survey Guidance. 14 March 2024. 13 phone or USB key, encryption is essential. Ensure that the data is encrypted in transit. If you are storing large volumes of personal information on network drives, encryption is highly recommended. If public bodies are using a third party to host their online survey, they will need to be satisfied that the third party has these safeguards in place and that the requirements for the safeguards are set out in a written contract or terms of service. Use and Disclosure of Survey Results Survey results should be reported in a way that protects the privacy of the respondents. This means that personal information collected in surveys must only be used for the purpose it was collected and should only be reported in an aggregated, non-identifying manner. Take steps to ensure that the results do not include small cells of information that could be used to re-identify individuals. For example, in an anonymous survey of your employees, the results might include information about gender and employee job classification (e.g., executive, manager, supervisor or staff). If there is only one individual of a particular gender who falls within a job classification, then that individual’s responses will be identifiable. It may be possible to transform any survey results that are identifiable in a way that protects personal information such as by de-identifying or recoding the information. Privacy Impact Assessment You should do a preliminary assessment to determine if personal information is involved at the survey sampling and survey stage of the project. The preliminary assessment will also help you decide what privacy laws apply. Once you have determined that personal information is involved and which of Saskatchewan’s privacy laws apply, you should conduct a Privacy Impact Assessment (PIA). A PIA is a process that assists organizations in assessing whether a project, program or process complies with the applicable access and privacy legislation. When a project, program, process is in the design stage, a PIA should be used to identify areas where there may be a “privacy impact.” A “privacy impact” occurs when there are inadequate
RkJQdWJsaXNoZXIy MTgwMjYzOA==