January 28 was Data Privacy Day.
Recordings of the National Cyber Security Alliance's virtual presentation, "Data Privacy Day 2021: Data Privacy in an Era of Change", are available here https://staysafeonline.org/resource/data-privacy-day-2021/.
Find out more about how to stay safe online and other resources at https://staysafeonline.org/data-privacy-day/
Data Privacy Day is an international effort held annually on Jan. 28 to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.
Join the National Cyber Security Alliance on January 28, 12pm EST for a virtual presentation, "Data Privacy Day 2021: Data Privacy in an Era of Change". Find out details and register here https://staysafeonline.org/event/data-privacy-day-2021/.
Find out more about how to stay safe online and other resources at https://staysafeonline.org/data-privacy-day/
Right to Know Day is September 28, 2020 and Right to Know Week will be celebrated in Canada September 28 to October 4, 2020.
From September 28th to October 1st PSICC will be presenting a series of half-day events dedicated to discussing the importance of maintaining the principles of the ‘right to know’.
- The Future of Virtual Healthcare
- FOI and Police Departments
- Managing Access Requests and Appeals During the Pandemic
Check out the full list of topics and presenters here: https://psimcc.ca/rtk2020/_agenda
Presentations on September 28th are free. Registration fees apply to presentations on the three remaining days. Choose to register for one day or any combination of days.
To learn more and to register, click here: https://psimcc.ca/rtk2020/reginfo/&lang=en
International Right to Know Day is September 28, 2019 and Right to Know Week will be celebrated in Canada September 23-29, 2019. The goal of Right to Know Day is to raise awareness of individuals' right to access to information and promote access as a fundamental right. In Saskatoon, a panel discussion on "The Openess of our Systems," chaired by Morris Bodnar, QC, will be held Thursday, September 26 at 5:30pm at the Hilton Garden Inn. Panelists include Mr. Justice Danyliuk, Geoff Leo, Sean Sinclair and Drew Wilby. This FREE event is being held in conjunction with the 2019 Saskatchewan Connections Conference.
On May 21, 2019, the Court of Queen’s Bench released its decision in H. v. University of Saskatchewan. This was an appeal from the University of Saskatchewan’s decision to not comply with the recommendation of the Information and Privacy Commissioner in Review Report 298-2017 to disclose a detailed transcript of a meeting relating ot academic research.
The University is pleased with this decision as it brings clarity to the interpretation and application of The Local Authority Freedom of Information and Protection of Privacy Act and its exemptions. The decision sets a precedent that strengthens the protection of academic freedom and privacy, underscoring the right of faculty to freely engage in academic and research activities without undue interference. It promotes academic collaboration and engagement, elements that are critical to knowledge creation and the betterment of society at large.
Jointly hosted by the CSKA and the Saskatchewan Ministry of Justice, this conference supports public, private and non-profit sector organizations in developing connections between the information sharing and privacy disciplines and addresses associated challenges occurring in a rapidly changing environment.
Access, privacy, security and information/records management challenges are intertwined with almost everything contemporary organizations do. Through a series of plenary, breakout and workshop sessions, delegates will gain a clearer understanding of access to information, protection of privacy, information security, and records management issues that arise in organizations subject to FOIP, LAFOIP, and HIPA. More importantly it focuses on the connections between these disciplines.
The conference will showcase best thinking and practices, provide a platform for cross-sectoral learning, and propel further innovations in the fields of access to information, protection of privacy, information security and records management.
Date: May 15 and 16, 2019
Venue: DoubleTree by Hilton, Regina SK
Conference Scope: Regional Audience
Targeted Attendees: Approximately 120
Who Should Attend
Private, public and non-profit sector professionals dealing with any aspect of access to information, protection of privacy, information security, and records management issues that arise in organizations subject to FOIP, LAFOIP, and HIPA.
As reported by The Star Phoenix (U of S online salary disclosure ‘a step in the right direction’: expert), the university has published the salaries of top earners on its website. This initiative was approved by the Board of Governors in 2017 and is a step towards increased transparency and accountability. Salaries of employees of the university are not protected personal information and have always been available at the Library or upon request, but this move will make the information more accessible to the public.
On June 5, 2018, the Office of the Information and Privacy Commissioner (OIPC) released Review Report 298-2017 which found that the university improperly applied certain exemptions in its response to an access to information request and recommended that the university release the majority of the record in question.
The record in question was a transcript of a meeting hosted by a faculty member and involving other faculty and staff at the university as well as industry and government representatives to discuss research management and communications. The university withheld the majority of the transcript on the basis that it contained the personal information of non-university employees, as well as advice, proposals, recommendations, analysis or policy options developed by or for the university and consultations and deliberations involving officers or employees of the university. The exemption for personal information is mandatory pursuant to section 28(1) of The Local Authority Freedom of Information and Protection of Privacy Act, and the exemption for advice, proposals, recommendations, analysis, policy options, consultations and deliberations is permitted pursuant to sections 16(1)(a) and 16(1)(b) of the Act. These exemptions are intended to allow for candor during the policy-making process and to permit public bodies to consider options and act without constant public scrutiny (see the IPC Guide to Exemptions).
The university did not agree to comply with the recommendations on the basis that the interpretation and application of the Act was unreasonable and that the review lacked procedural fairness. An unduly narrow approach to the provisions of the Act will undermine privacy, the purpose and intent of the discretionary exemptions, as well as academic freedom.
On June 4, 2018, the Office of the Information and Privacy Commissioner released Investigation Report 309-2017. A clerical employee of the College of Medicine improperly used their access to a provincial health record system to access health records without a need to know.
“The College of Medicine is working with the Saskatchewan Health Authority and eHealth to implement operational and administrative changes, as recommended by the Saskatchewan Information and Privacy Commissioner, to ensure the protection of private information. We are currently providing privacy training to all administrative employees in the college’s clinical departments.”
Chief Operating Officer
College of Medicine
In a request for review before the Office of the Information and Privacy Commissioner, the Univeristy had refused to disclose to the Commissioner documents over which it had claimed solicitor-client privilege. The University, rather, provided affidavit evidence that the documents were subject to solicitor-client privilege. The Commissioner was unsatisfied and ordered the production of the documents. This was appealed by the University. On May 16, 2018, the Court of Appeal released its decision in University of Saskatchewan v. Saskatchewan (Information and Privacy Commissioner), 2018 SKCA 34 (CanLII). In it, the Court found that The Local Authority Freedom of Information and Protection of Privacy Act empowered the Commissioner to require the production of such documents, but that the statutory authority to abrogate solicitor-client privilege must be exercised so as to interfere with the privilege only to the extent absolutely necessary. The Court found the Commissioner could have taken other measures in conducting the review, short of demanding the production of documents. The principle of solicitor-client privilege is fundamental to our justice system, and this ruling is important in reaffirming that and bringing clarity to the interpretation and application of the Act.
From the Office of the Information and Privacy Commissioner:
The government of Saskatchewan has proclaimed Bill No. 30, An Act to amend The Freedom of Information and Protection of Privacy Act and Bill No. 31, An Act to amend The Local Authority Freedom of Information and Protection of Privacy Act effective January 1, 2018. My office made proposals for the amendments of these Acts in June 2015. I am most pleased these amendments were passed by the Legislative Assembly in May 2017 and now proclaimed.
The highlights of the amendments to both Acts are:
- Obligations of government institutions and local authorities to provide breach notification to affected individuals if it is believed the incident creates a real risk of significant harm;
- The Duty to Protect is now explicit for both government institutions and local authorities;
- The Duty to Assist those requesting information is now provided for in the legislation;
- Police services are now a local authority for purposes of the legislation;
- There is now an obligation of government institutions and local authorities to enter into written agreements with information management service providers (IMSP);
- MLAs and Ministers’ offices are obliged to protect personal information in accordance with the legislation;
- The manner of access to records includes giving access in electronic form;
- The offence provisions have been updated and expanded;
- Government institutions and local authorities must take reasonable steps to post manuals, policies, guidelines and procedures to its websites; and
- Categories of records are to be established that can be provided to the public without an application.
In addition, the Regulations to both Acts have been amended. Some highlights of the Regulation amendments are:
- Generally now fees do not have to be charged if under $100 or if the records involve the applicant’s personal information;
- If records are provided to an applicant via a portable storage device (PSD), the cost of the electronic copies is the price of the PSD;
- Consent requirements are expanded; and
- Clarification is provided on what elements must be included in written agreements with IMSPs.
The amendments to the Acts and the Regulations are the most significent amendments to this legislation since its introduction in 1992 and 1993.
My office will be working on updating its resources on its website to reflect the changes that are in the amendments.