Yukon: Commissioner issues guidance for public sector employees handling personal information from home
The Yukon Information and Privacy Commissioner ('the Commissioner'), Diane McLeod-McKay, announced, on 18 March 2020, that she had issued guidance for employees of public bodies and custodians that handle personal information and personal health information as they work from home regarding the disclosure of information in an emergency ('the Disclosure Guidance') and guidance on working remotely ('the Remote Working Guidance'). In particular, the Disclosure Guidance highlights that, among other things, Section 28(1) of the Access to Information and Protection of Privacy Act ('the ATIPP Act') authorises public bodies to disclose personal information without an individual's consent in the case of an emergency. Furthermore, the Disclosure Guidance notes that Section 58 of the Health Information Privacy and Management Act ('HIPMA') authorises a custodian to disclose personal health information without the consent of the individual that the information refers to.
In addition, the Remote Working Guidance recommends, among other things, that to protect personal information ('PI') and personal health information ('PHI'), all electronic devices should be encrypted whenever possible, employees should only use approved channels for communicating PI or PHI, and employees should familiarise themselves with approved and managed remote work tools provided to them by their organisation.