Demystifying the Right to Privacy
Privacy is a deeply personal concept, and it means something a bit different to everyone – so how does Saskatchewan’s privacy legislation protect your personal information and personal health information?
Saskatchewan’s public sector access and privacy laws, The Freedom of Information and Protection of Privacy Act (FOIP) and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) govern how public bodies (government institutions and local authorities) interact with your personal information. Saskatchewan’s health sector privacy law, The Health Information Protection Act (HIPA), for the most part controls how certain health professionals (called trustees under HIPA) interact with your personal health information.
The protection of privacy under these Acts includes setting rules for the collection, use and disclosure of the personal information or personal health information in question, and whether the public body or trustee’s actions are allowable under their respective Act.
Collection is when an organization assembles or obtains information about an individual.
Use is when an organization uses the information internally – the information is still under the control of the organization.
Disclosure is when information is shared with a separate entity outside of the organization, so the information passes out of the possession and control of the organization.
In order to fulfill their roles, public bodies and trustees may need to collect, use and/or disclose information about you. The legislation protects your privacy by placing boundaries around when collection, use and disclosure is appropriate, and by establishing obligations for organizations. Some of these obligations include:
- Collecting only as much of your information as is necessary to fulfill an authorized purpose (data minimization principle).
- Where possible, collecting information directly from you.
- Ensuring that the information they collect about you is as accurate and complete as possible.
- Taking reasonable steps to safeguard the information under their control – this means having technical, physical or administrative safeguards in place to protect the information from unauthorized access, use, modification, etc.
If you feel that your personal information or personal health information has been collected, used or disclosed inappropriately by a public body or trustee in Saskatchewan, you have the right to make a complaint. The first step will be to make a written complaint to the organization that you feel breached your privacy – for more on this, please see our webpage How do I resolve a Complaint? and our previous blog post, How to Complain (Effectively). If you don’t receive a response from the organization, or if you are not satisfied with the response, you can make a complaint to our office.
Alternatively, when a breach occurs, you may receive notification from the public body or trustee. For more on this, please see our previous blog post What to do if you Receive a Privacy Breach Notification.
If you have questions about how your privacy is protected in Saskatchewan, you can contact our office for more information.