Right to Know Day is celebrated around the world on September 28th to raise awareness of the right to access government information and promote freedom of information as essential to both democracy and good governance. Right to Know Week is observed in Canada September 26th to October 2nd.

Follow the hashtag #RTK2022 to find out more about the activities taking place across the country.

We are now expanding MFA to all applications that use NSID logins for services such as Canvas, Zoom, and PAWS.  

Beginning July 4th, 2022, when you first log in to any of these applications, you will be required to authenticate with MFA. After that first login you will only be asked for MFA periodically (approximately every 90 days) or when logging in from a new device or location. 

Passwords are increasingly easy to compromise. They are often stolen, guessed, or hacked. Using MFA keeps your account and our applications secure even if your password is compromised. 

Thank you for doing your part in Securing the Pack Against Cyberattacks!  

For more information, please see Multi-Factor Authentication.

January 28 is Data Privacy Day. Data Privacy Day highlights the impact technology is having on our privacy rights and underlines the importance of valuing and protecting personal information.

The National Cybersecurity Alliance is hosting a number of events for Data Privacy Week, January 24-January 28. Join them for talks on Data Privacy Day, the NIST Privacy Framework or an Introduction to Privacy - https://staysafeonline.org/event_category/data-privacy-week/

Find more information on how to stay safe online at https://staysafeonline.org/stay-safe-online/

International Right to Know Day is celebrated September 28 annually and in 2021 Right to Know Week is being celebrated during the week of September 27 to October 3.

Find out more from the Information Commissioner of Canada https://www.oic-ci.gc.ca/rtk-dai/.

 

January 28 was Data Privacy Day. 

Recordings of the National Cyber Security Alliance's virtual presentation, "Data Privacy Day 2021: Data Privacy in an Era of Change", are available here https://staysafeonline.org/resource/data-privacy-day-2021/

Find out more about how to stay safe online and other resources at https://staysafeonline.org/data-privacy-day/

Data Privacy Day is an international effort held annually on Jan. 28 to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.

Join the National Cyber Security Alliance on January 28, 12pm EST for a virtual presentation, "Data Privacy Day 2021: Data Privacy in an Era of Change". Find out details and register here https://staysafeonline.org/event/data-privacy-day-2021/

Find out more about how to stay safe online and other resources at https://staysafeonline.org/data-privacy-day/

Right to Know Day is September 28, 2020 and Right to Know Week will be celebrated in Canada September 28 to October 4, 2020. 

From September 28th to October 1st PSICC will be presenting a series of half-day events dedicated to discussing the importance of maintaining the principles of the ‘right to know’.

Topics include:

  • The Future of Virtual Healthcare
  • FOI and Police Departments
  • Managing Access Requests and Appeals During the Pandemic

Check out the full list of topics and presenters here: https://psimcc.ca/rtk2020/_agenda

Presentations on September 28th are free. Registration fees apply to presentations on the three remaining days. Choose to register for one day or any combination of days.

To learn more and to register, click here: https://psimcc.ca/rtk2020/reginfo/&lang=en

Data Privacy Day is an international effort to empower individuals and business to respect privacy, safeguard data and enable trust.

Watch Data Privacy Day 2020: A Vision for the Future here at 10am PST.  

Find out more about how to stay safe online and other resources at https://staysafeonline.org/

International Right to Know Day is September 28, 2019 and Right to Know Week will be celebrated in Canada September 23-29, 2019. The goal of Right to Know Day is to raise awareness of individuals' right to access to information and promote access as a fundamental right. In Saskatoon, a panel discussion on "The Openess of our Systems," chaired by Morris Bodnar, QC, will be held Thursday, September 26 at 5:30pm at the Hilton Garden Inn. Panelists include Mr. Justice Danyliuk, Geoff Leo, Sean Sinclair and Drew Wilby. This FREE event is being held in conjunction with the 2019 Saskatchewan Connections Conference.

On August 27, 2019 the Office of the Information and Privacy Commissioner (OIPC) released its decision in Review Report 127-2018. In an attempt to assist an applicant, the university suggested that it search for responsive records in a particular area. The applicant agreed and was satisfied with the disclosure, but later learned of relevant documents in another area. The OIPC found that the university had a process for determining where it was reasonable to search for responsive records in an effort to assist an applicant narrow a request, but recommended that the university develop written procedures to better document the process. The university intends to comply with the recommendations of the OIPC.

On May 21, 2019, the Court of Queen’s Bench released its decision in H. v. University of Saskatchewan. This was an appeal from the University of Saskatchewan’s decision to not comply with the recommendation of the Information and Privacy Commissioner in Review Report 298-2017 to disclose a detailed transcript of a meeting relating ot academic research.

The University is pleased with this decision as it brings clarity to the interpretation and application of The Local Authority Freedom of Information and Protection of Privacy Act and its exemptions. The decision sets a precedent that strengthens the protection of academic freedom and privacy, underscoring the right of faculty to freely engage in academic and research activities without undue interference. It promotes academic collaboration and engagement, elements that are critical to knowledge creation and the betterment of society at large. 

See http://saskispconf.ca/

Conference Overview

Jointly hosted by the CSKA and the Saskatchewan Ministry of Justice, this conference supports public, private and non-profit sector organizations in developing connections between the information sharing and privacy disciplines and addresses associated challenges occurring in a rapidly changing environment.

Access, privacy, security and information/records management challenges are intertwined with almost everything contemporary organizations do. Through a series of plenary, breakout and workshop sessions, delegates will gain a clearer understanding of access to information, protection of privacy, information security, and records management issues that arise in organizations subject to FOIP, LAFOIP, and HIPA.  More importantly it focuses on the connections between these disciplines.

The conference will showcase best thinking and practices, provide a platform for cross-sectoral learning, and propel further innovations in the fields of access to information, protection of privacy, information security and records management.

Conference Details

Date: May 15 and 16, 2019
Venue: DoubleTree by Hilton, Regina SK
Conference Scope: Regional Audience
Targeted Attendees: Approximately 120

Who Should Attend

Private, public and non-profit sector professionals dealing with any aspect of access to information, protection of privacy, information security, and records management issues that arise in organizations subject to FOIP, LAFOIP, and HIPA.

On January 29, 2019 the Office of the Information and Privacy Commissioner (OIPC) released its decision in Review Report 206-2018, 207-2018, 208-2018, 214-2018. Two medical residents, conducting approved research, had accessed the data through the incorrect system. One of these two residents had used a third resident's account to access the system. The Univeristy of Saskatchewan accepted the recommendations of the OIPC. The university continues to work closely with eHealth Saskatchewan and the Saskatchewan Health Authority to ensure residents are properly trained on the appropriate use of systems and data and the protection of privacy.
Right to Know Week is September 24th to 30th, 2018, kicking off with Right to Know Day on September 24th. The purpose of Right to Know is to raise awareness of an individual’s right to access government information, while promoting freedom of information as essential to both democracy and good governance. See more information on activities and events on the Right to Know website.

As reported by The Star Phoenix (U of S online salary disclosure ‘a step in the right direction’: expert), the university has published the salaries of top earners on its website. This initiative was approved by the Board of Governors in 2017 and is a step towards increased transparency and accountability. Salaries of employees of the university are not protected personal information and have always been available at the Library or upon request, but this move will make the information more accessible to the public.

On June 5, 2018, the Office of the Information and Privacy Commissioner (OIPC) released Review Report 298-2017 which found that the university improperly applied certain exemptions in its response to an access to information request and recommended that the university release the majority of the record in question. 

The record in question was a transcript of a meeting hosted by a faculty member and involving other faculty and staff at the university as well as industry and government representatives to discuss research management and communications. The university withheld the majority of the transcript on the basis that it contained the personal information of non-university employees, as well as advice, proposals, recommendations, analysis or policy options developed by or for the university and consultations and deliberations involving officers or employees of the university. The exemption for personal information is mandatory pursuant to section 28(1) of The Local Authority Freedom of Information and Protection of Privacy Act, and the exemption for advice, proposals, recommendations, analysis, policy options, consultations and deliberations is permitted pursuant to sections 16(1)(a) and 16(1)(b) of the Act. These exemptions are intended to allow for candor during the policy-making process and to permit public bodies to consider options and act without constant public scrutiny (see the IPC Guide to Exemptions). 

The university did not agree to comply with the recommendations on the basis that the interpretation and application of the Act was unreasonable and that the review lacked procedural fairness. An unduly narrow approach to the provisions of the Act will undermine privacy, the purpose and intent of the discretionary exemptions, as well as academic freedom. 

On June 4, 2018, the Office of the Information and Privacy Commissioner released Investigation Report 309-2017. A clerical employee of the College of Medicine improperly used their access to a provincial health record system to access health records without a need to know. 

“The College of Medicine is working with the Saskatchewan Health Authority and eHealth to implement operational and administrative changes, as recommended by the Saskatchewan Information and Privacy Commissioner, to ensure the protection of private information. We are currently providing privacy training to all administrative employees in the college’s clinical departments.”


Gregory Power
Chief Operating Officer
College of Medicine

In a request for review before the Office of the Information and Privacy Commissioner, the Univeristy had refused to disclose to the Commissioner documents over which it had claimed solicitor-client privilege. The University, rather, provided affidavit evidence that the documents were subject to solicitor-client privilege. The Commissioner was unsatisfied and ordered the production of the documents. This was appealed by the University. On May 16, 2018, the Court of Appeal released its decision in University of Saskatchewan v. Saskatchewan (Information and Privacy Commissioner), 2018 SKCA 34 (CanLII). In it, the Court found that The Local Authority Freedom of Information and Protection of Privacy Act empowered the Commissioner to require the production of such documents, but that the statutory authority to abrogate solicitor-client privilege must be exercised so as to interfere with the privilege only to the extent absolutely necessary. The Court found the Commissioner could have taken other measures in conducting the review, short of demanding the production of documents. The principle of solicitor-client privilege is fundamental to our justice system, and this ruling is important in reaffirming that and bringing clarity to the interpretation and application of the Act.  

On March 22, 2018, the Court of Queen's Bench released its decision in B. v. University of Saskatchewan, 2018 SKQB 92 (CanLII). In it, the Court found that the University improperly applied exemptions to some documents it had withheld under an access to information request, but found it had properly applied other exemptions notwithstanding the findings of the Office of the Information and Privacy Commissioner. The Court ordered the release of certain documents to the applicant, and the University complied. This decision was important as it brought clarity to the interpretation and application of exemptions under The Local Authority Freedom of Information and Protection of Privacy Act, finding that the Commissioner's interpretation of sections 14(1)(d), 16(1)(a) and 16(1)(b) exemptions were unduly restrictive. 

From the Office of the Information and Privacy Commissioner: 

December 14, 2017

The government of Saskatchewan has proclaimed Bill No. 30, An Act to amend The Freedom of Information and Protection of Privacy Act and Bill No. 31, An Act to amend The Local Authority Freedom of Information and Protection of Privacy Act effective January 1, 2018.  My office made proposals for the amendments of these Acts in June 2015.  I am most pleased these amendments were passed by the Legislative Assembly in May 2017 and now proclaimed.

The highlights of the amendments to both Acts are:

  • Obligations of government institutions and local authorities to provide breach notification to affected individuals if it is believed the incident creates a real risk of significant harm;
  • The Duty to Protect is now explicit for both government institutions and local authorities;
  • The Duty to Assist those requesting information is now provided for in the legislation;
  • Police services are now a local authority for purposes of the legislation;
  • There is now an obligation of government institutions and local authorities to enter into written agreements with information management service providers (IMSP);
  • MLAs and Ministers’ offices are obliged to protect personal information in accordance with the legislation;
  • The manner of access to records includes giving access in electronic form;
  • The offence provisions have been updated and expanded;
  • Government institutions and local authorities must take reasonable steps to post manuals, policies, guidelines and procedures to its websites; and
  • Categories of records are to be established that can be provided to the public without an application.

In addition, the Regulations to both Acts have been amended.  Some highlights of the Regulation amendments are:

  • Generally now fees do not have to be charged if under $100 or if the records involve the applicant’s personal information;
  • If records are provided to an applicant via a portable storage device (PSD), the cost of the electronic copies is the price of the PSD;
  • Consent requirements are expanded; and
  • Clarification is provided on what elements must be included in written agreements with IMSPs.

The amendments to the Acts and the Regulations are the most significent amendments to this legislation since its introduction in 1992 and 1993.

My office will be working on updating its resources on its website to reflect the changes that are in the amendments.