Privacy Protective Survey Guidance

Office of the Saskatchewan Information and Privacy Commissioner. Privacy Protective Survey Guidance. 14 March 2024. 6 Need-to-Know and Data Minimization Principles There are two important principles that underly the privacy rules in FOIP and LA FOIP. They are the “need-to-know” principle and the “data minimization” principle. Need-to-know requires public bodies to collect, use or disclose personal information on a need-to-know basis. This means that the personal information should only be available to those that have a legitimate need to know the information for the authorized purpose. Data minimization requires public bodies to collect, use or disclose the least amount of personal information necessary for the purpose. Collection of Personal Information If your survey will involve the collection of personal information from respondents, ensure that you have the authority to collect personal information pursuant to section 25 of FOIP (section 24 of LA FOIP), which states: 25 No government institution shall collect personal information unless the information is collected for a purpose that relates to an existing or proposed program or activity of the government institution. FOIP and LA FOIP limit the rights of public bodies to personal information so that they only collect it to the extent that it is necessary or relevant to their lawful activities. If a collection of personal information is not related to an existing program or activity, public bodies cannot rely on an individual’s consent for lawful authority to collect it. Notice of Collection Subsection 26(2) of FOIP (section 25(2) of LA FOIP) requires a notice of collection of personal information. Public bodies must inform individuals of the purpose of the collection and any proposed uses and disclosures. There is an exception to the requirement to provide notice in subsection 26(3) of FOIP (subsection 25(3) of LA FOIP). That provision states that notice is not required where compliance might result in “the collection of inaccurate information or defeat the purpose or prejudice the use for which the information is collected.”