Breach of Privacy
The board of education (board) will be responsible for any damages suffered by any parties whose information is improperly disclosed by the board or its employees.
There is currently no legislative requirement for boards to notify individuals if their personal information has been disclosed without authority or to notify third parties if their confidential information has been disclosed without authority or to notify third parties if their confidential information has been disclosed. However, the damages which could be claimed may be increased if notification is not made in a timely manner so as to enable the individuals or third parties to protect themselves from the possible consequences of the disclosure.
The Office of the Saskatchewan Information and Privacy Commissioner had prepared a document titled Privacy Breach Guidelines which offers advice on steps to take if a breach of privacy occurs. The Guidelines advise that the five key steps in responding to a privacy breach are as follows:
- Contain the breach;
- Investigate the breach;
- Assess and analyze the breach and associated risks by asking the following questions:
- Is personal information involved?
- What is the cause and extent of the breach?
- How many are affected by the breach?
- What is the foreseeable harm resulting from the breach?
- Notify of affected individuals; and
- Plan in order to prevent future breaches.
Further information on the Privacy Breach Guidelines can be obtained by visiting www.oipc.sk.ca.