WHITEHORSE – The Yukon's Information and Privacy Commissioner (IPC), Diane McLeod-McKay, has developed new guidance to help public bodies and custodians in the Yukon fulfil their obligation to perform logging and auditing on their electronic systems that contain personal information (PI) or personal health information (PHI).

This obligation is set out for custodians under the Health Information Privacy and Management Act and for public bodies in the Access to Information and Protection of Privacy Act Regulation.

Logging is the creation of a record that shows any access to, creation of, addition to, alteration of, or deletion of PI or PHI. Auditing is the process of formally examining these logs to investigate the confidentiality and integrity of the PI or PHI.  Having appropriate logging and auditing in place serves to deter and detect improper activity, such as unauthorized access or use of PI or PHI.

“Our office has dealt with incidents and complaints that could have been prevented or have had a lesser impact if proper logging and auditing would have been in place,” said McLeod-McKay. “In order to prevent PI or PHI from being accessed, used, or disclosed without legal authority, public bodies and custodians which have custody or control of PI or PHI must ensure they are complying with their legal obligations regarding logging and auditing. They should also implement logging and auditing best practices to adequately protect this information from a breach. That’s why we’ve developed this guidance to assist custodians and public bodies.”

The guidance can be found on the IPC website here.