Rules of Procedure

29 Office of the Saskatchewan Information and Privacy Commissioner. The Rules of Procedure. Effective 1 Dec. 2018. Updated 16 Aug. 2023. 6-6 When Investigating a Complaint of a Privacy Breach When investigating a complaint of a possible privacy breach, the commissioner’s office will, among other things, confirm whether a privacy breach occurred or not. 6-7 Steps Taken by Public Body, Minister’s Office or MLA’s Office When the commissioner’s office determines that there has been a privacy breach, the commissioner’s office will analyze whether the public body, Minister’s office or MLA’s office appropriately managed the breach and took the following steps in responding to the privacy breach: • Contained the breach (as soon as possible) • Notified affected individuals (as soon as possible) • Investigated the breach • Taken appropriate steps to prevent future breaches 6-8 Breach Notification and Questionnaire When the commissioner’s office determines there has been a privacy breach, the commissioner’s office will, in addition to other things, review: (a) The notice of breach sent to the complainant and affected individuals and determine whether it contains the following: • A description of what happened, including date, time, location and individual involved. • A detailed description of the personal information that was involved. • If known, a description of possible types of harm that may come to them as a result of the privacy breach. • Steps that can be taken to mitigate harm. • Steps the organization is taking to prevent the occurrence of similar privacy breaches in the future. • The contact information of an individual within the organization who can answer questions and provide further information regarding the breach. • A reference to the fact that individuals have a right to complain to the commissioner’s office. • The contact information of the commissioner’s office. • Where appropriate, recognition of the impacts of the breach on affected individuals and an apology. (b) The Privacy Breach Investigation Questionnaire and consider whether the public body has: • Contained the breach (as soon as possible). • Notified affected individuals (as soon as possible).

RkJQdWJsaXNoZXIy MTgwMjYzOA==