25 Office of the Saskatchewan Information and Privacy Commissioner. The Rules of Procedure. Effective 1 Dec. 2018. Updated 16 Aug. 2023. Part 5: Procedure on Reported Privacy Breaches Under HIPA This Part outlines the procedure that the commissioner’s office will follow and require trustees to follow when there is a reported privacy breach. 5-1 Reported Privacy Breaches (1) A trustee can report a privacy breach by completing the Proactively Reported Breach of Privacy Reporting Form or an equivalent document and delivering it to the commissioner’s office, by email, regular mail, courier or personal delivery. (2) When a trustee reports a privacy breach to the commissioner’s office, the commissioner’s office will open a case file. 5-2 Notice of Investigation Upon the reporting of a privacy breach, the commissioner’s office will send the trustee a notification of the investigation including a Privacy Breach Investigation Questionnaire and requesting that it be completed and returned to the commissioner’s office within 30 days or such other date as determined by the commissioner. 5-3 When Investigating a Privacy Breach When investigating a reported privacy breach, the commissioner’s office will, among other things, consider whether the trustee has or should issue a notice of a privacy breach to affected individuals as soon as practical. 5-4 Steps Taken by the Trustee When the commissioner’s office investigates a reported privacy breach, the commissioner’s office will analyze whether the trustee appropriately managed the breach and took the following steps in responding to the privacy breach: • Contained the breach (as soon as possible) • Notified affected individuals (as soon as possible) • Investigated the breach • Taken appropriate steps to prevent future breaches 5-5 Privacy Breach Notification and Questionnaire When the commissioner’s office investigates a reported privacy breach, the commissioner’s office will review:
RkJQdWJsaXNoZXIy MTgwMjYzOA==