23 Office of the Saskatchewan Information and Privacy Commissioner. The Rules of Procedure. Effective 1 Dec. 2018. Updated 16 Aug. 2023. 4-5 Privacy breach Notification and Questionnaire When the commissioner’s office investigates a reported privacy breach, the commissioner’s office will review: (a) The notice of privacy breach sent to affected individuals and consider whether it contains the following: • A description of what happened, including the date, time, location and who was involved. • How the breach was contained. • A detailed description of the personal information that was involved. • If known, a description of possible types of harm that may come to them as a result of the privacy breach. • Steps that can be taken to mitigate harm. • Steps the public body, Minister’s office or MLA’s office is taking to prevent the occurrence of similar privacy breaches in the future. • The contact information of an individual within the public body, Minister’s office or MLA’s office who can answer questions and provide further information regarding the breach. • A reference to the fact that individuals have a right to complain to the commissioner’s office. • The contact information of the commissioner’s office. • Where appropriate, recognition of the impact of the privacy breach on affected individuals and an apology. (b) The Privacy Breach Investigation Questionnaire for public bodies and consider whether the public body has: • Contained the breach (as soon as possible). • Notified affected individuals (as soon as possible). • Investigated the breach. • Taken appropriate steps to prevent future breaches. 4-6 Closing of File Without Report After investigating the reported privacy breach and the actions taken by the public body, Minister’s office or MLA’s office: (a) If the commissioner’s office is satisfied with most of the steps taken, the file will be closed, and the commissioner may make recommendations for further steps to be taken.
RkJQdWJsaXNoZXIy MTgwMjYzOA==