34 Office of the Saskatchewan Information and Privacy Commissioner. The Rules of Procedure. Effective 1 Dec. 2018. Updated 16 Aug. 2023. 7-7 Steps Taken by Trustee When the commissioner’s office determines that there has been a privacy breach, the commissioner’s office will analyze whether the trustee appropriately managed the breach and took the following steps in responding to the privacy breach: • Contained the breach (as soon as possible) • Notified affected individuals (as soon as possible) • Investigated the breach • Taken steps to prevent future breaches 7-8 Breach Notification and Questionnaire When the commissioner’s office determines there has been a privacy breach, the commissioner’s office will, in addition to other things, review: (a) The notice of breach sent to the complainant and affected individuals and determine whether it contains the following: • A description of what happened. • A detailed description of the personal health information that was involved. • If known, a description of possible types of harm that may come to them as a result of the privacy breach. • Steps that can be taken to mitigate harm. • Steps the organization is taking to prevent the occurrence of similar privacy breaches in the future. • The contact information of an individual within the organization who can answer questions and provide further information regarding the breach. • A reference to the fact that individuals have a right to complain to the office of the Saskatchewan Information and Privacy Commissioner. • The contact information of the office of the Saskatchewan Information and Privacy Commissioner. • Where appropriate, recognition of the impacts of the breach on affected individuals and an apology. (b) The Privacy Breach Investigation Questionnaire and consider whether the trustee has: • Contained the breach (as soon as possible). • Notified affected individuals (as soon as possible). • Investigated the breach. • Taken appropriate steps to prevent future breaches.
RkJQdWJsaXNoZXIy MTgwMjYzOA==