22 Office of the Saskatchewan Information and Privacy Commissioner. The Rules of Procedure. Effective 1 Dec. 2018. Updated 16 Aug. 2023. Part 4: Procedure on Reported Privacy Breaches Under FOIP and LA FOIP This Part outlines the procedure that the commissioner’s office will follow and require public bodies, Minister’s offices, or Members of the Legislative Assembly’s (MLA) offices to follow when there is a reported privacy breach. 4-1 Reported Privacy Breaches (1) A public body, Minister’s office or MLA’s office can report a privacy breach by completing the Proactively Reported Breach of Privacy Reporting Form, or an equivalent document and delivering it to the commissioner’s office by email, regular mail, courier or personal delivery. (2) When a public body, Minister’s office or MLA’s office reports a privacy breach to the commissioner’s office, the commissioner’s office will open a case file. 4-2 Notice of Investigation Upon the reporting of a privacy breach, the commissioner’s office will send the public body, Minister’s office or MLA’s office a notification of the investigation including a Privacy Breach Investigation Questionnaire requesting that it be completed and returned to the commissioner’s office within 30 days or such other date as determined by the commissioner. 4-3 When Investigating a Privacy Breach When investigating a reported privacy breach, the commissioner’s office will, among other things, determine whether the public body, Minister’s office or MLA’s office has or should issue a notice of a privacy breach under section 29.1 of FOIP or section 28.1 of LA FOIP to the affected individuals as soon as practical. 4-4 Steps Taken by the Public Body, Minister’s Office or MLA’s Office While investigating a reported privacy breach, the commissioner’s office will analyze whether the public body, Minister’s office or MLA’s office appropriately managed the breach and took the following steps in responding to the privacy breach: • Contained the breach (as soon as possible) • Notified affected individuals (as soon as possible) • Investigated the breach • Taken steps to prevent future breaches.
RkJQdWJsaXNoZXIy MTgwMjYzOA==