Privacy Protective Survey Guidance

Office of the Saskatchewan Information and Privacy Commissioner. Privacy Protective Survey Guidance. 14 March 2024. 3 Metadata would include the Internet Protocol (IP) address used by the device. The IP address is like a street address or telephone number in that it uniquely identifies a particular device connected to the Internet. Metadata also includes the uniform resource locater (URL) of the resource, which is an address given to a unique resource on the Web, that referred the participant to the survey. It can also include other factors, such as the time the respondent took the survey. Metadata about computing devices can be used to facilitate tracking or monitoring of individuals, analytics, data mining and re-identification of de-identified data (Open Government and Protecting Privacy, (Ontario Information and Privacy Commissioner [ON IPC], March 2017). If the metadata is used in this way, it could enable the collection of other personal information. Because metadata about devices is identifiable, Canadian privacy oversight authorities have found that it can qualify as personal information in some contexts. For example, our office has found in previous reports, such as Review Report 147-2022 and Review Report 186-2019, that an individual’s IP address qualifies as their personal information pursuant to subsections 24(1)(e) and (k) of FOIP (subsection 23(1)(e) and (k) of LA FOIP). If there is any ambiguity about whether personal information is involved, it is best to err on the side of caution and treat the information as personal information. De-identified, Anonymous or Coded Data De-identified Data As noted above, information does not qualify as personal information unless an individual is identifiable from the information. De-identification is an important tool to protect the privacy of individuals because once de-identified, a dataset does not contain personal information. If information is sufficiently de-identified, the privacy rules in FOIP and LA FOIP do not apply. De-identified information is not defined in FOIP or LA FOIP. Information is de-identified if it does not identify an individual, and it is not reasonably foreseeable in the circumstances that the information could be used, either alone or with other information, to identify an individual. This means that once a dataset is altered to remove any information that could be used to identify an individual, such as their name, address, birthdate, etc., then the information no longer qualifies as personal information.

RkJQdWJsaXNoZXIy MTgwMjYzOA==