Privacy Protective Survey Guidance

Office of the Saskatchewan Information and Privacy Commissioner. Privacy Protective Survey Guidance. 14 March 2024.

Removing identifiers is important to protect privacy, but public bodies should be aware that the process of de-identification does not reduce the risk of re-identification to zero – there is always the risk of identifying someone. For more information about how to de-identify information, see the ON IPC’s guidance entitled De-identification Guidelines for Structured Data.

Anonymous Data

Rendering data sets anonymous requires the removal of personally identifiable information/direct identifiers and quasi-identifiable information/indirect identifiers, in such a way that individuals remain anonymous. Therefore, conducting anonymous surveys is a good way to protect the privacy of the participants.

A direct identifier is information that directly identifies an individual, such as their name or driver’s license number. An indirect identifier is information for which there is a “reasonable expectation” that it can be used, either alone or with other information, to identify an individual. An indirect identifier could include an individual’s gender, marital status, race, ethnic origin or profession. Depending on the context, this information can be combined with other information to identify an individual.

In Review Report 210-2023, our office found that a newspaper and web posting about a harassment investigation that included the name of the municipality involved and the dates of the investigation contained information that indirectly identified the Complainant and therefore qualified as personal information under LA FOIP.

For these reasons, beware of the myth that surveys that do not ask for the respondent’s name are anonymous. You should not assume that just because the survey does not record the participants’ names, their participation is automatically anonymous.
Some other examples of how an individual’s identity may be revealed are:

• Where a survey provides a free text option, you will have limited control over what text is entered, and you may collect information that identifies the respondent or another individual.

• Email surveys require respondents to send their responses by email. The response will contain the email address of the sender. Where survey respondents participate in their personal capacity, in other words, not on behalf of an employer or in a business or professional capacity, their personal email address would likely qualify as their personal information.

• Third party online survey providers, and the advertisers that promote products or services on the survey providers’ sites, may be able to track websites visited by the respondent by using cookies. This information can be used to develop profiles of respondents. The profiles combine information from other available
