Protection of Privacy FAQ
I recently discovered a coworker has been viewing patient records without any need-to-know; who would I report this to?
If you suspect or have proof that a coworker has been viewing patient records without any need-to-know, see what your internal policies and procedures say regarding reporting such incidents. If you are not sure, speak to your supervisor or Privacy Officer to learn the proper procedure. For more information on responding to privacy breaches, please refer to our website: https://oipc.sk.ca/resources/privacy/ under the privacy tab.
I feel my privacy has been breached and I would like your office to look into it because I don't feel that the public body will thoroughly investigate the breach.
The Saskatchewan Information and Privacy Commissioner is an office of last resort and our office would not normally become involved with a breach of privacy complaint until the public body first has the opportunity to investigate. Public bodies must comply with the access and privacy legislation to which they are subject. Once the internal investigation is complete, if you are not satisfied with the outcome of the investigation, you may contact our office.
If you would like our office to look into a privacy matter, please include a copy of the written complaint you made to the public body and the response you received from the public body.
I work in the public sector; why is my salary not considered my personal information?
When you work for a public body where your salary is paid with tax-payer dollars, there is a legal responsibility of the public body to make public expenditures more transparent. Under subsection 24(2)(a) of The Freedom of Information and Protection of Privacy Act (FOIP) and subsection 23(2)(a) of The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) “salary” of employees is not considered personal information. For more information on this topic, please refer to our blog “When Salary is Open to Public Scrutiny”.
I work in the public sector and there has been an access request for information which is contained in my work emails. Is it a breach of my privacy to release information from my email?
This is one of those questions that begins with, “that depends”. It depends on the email itself – was it sent from your work email? Who is the email to? What is the content of the email? Review Report 096-2015 and 097-2015 provides very good examples of how emails in possession of a public body are not the property of that public body.
Just because you are emailing your spouse or family members from your work email does not mean that those emails would be considered releasable. If it is an email from one coworker to another, discussing only their weekend plans, that email may not be considered releasable. If the content of emails constitutes work product, no privacy interests are engaged.
To protect yourself, send personal emails form your personal email account and work related emails from your work account.
I am concerned that my family doctor breached my privacy. How do I make a complaint?
If you feel that your personal health information has been breached (improperly collected, used, disclosed or disposed of) by your doctor, first make your complaint in writing to your family doctor as he/she is most likely a trustee of your personal health information under The Health Information Protection Act. Be sure to outline the reason you believe your privacy was breached and include evidence or proof you have that the breach occurred. Keep a copy of the written complaint. You should allow the doctor around 30 days to respond to you.
If you do not receive a response or are not satisfied by the response you receive, forward your concern to the appropriate regulatory body and make a formal complaint using their processes. In the case of a family doctor, that would be The College of Physicians and Surgeons of Saskatchewan. Include, as background information, the original complaint and the response you received from your doctor.
If you are not satisfied with the response you receive from the College, you can then bring your complaint to our office. We will require the complaint to be in writing. We will also ask for the background information you have on the complaint, such as the original complaint made to the doctor and College and any responses you received back.
If you feel the breach was extremely egregious or harmful, you may wish to contact our office first at 306-787-8350 or 1-877-748-2298 to discuss.
I work in a special care home. I am worried about families of my patients secretly taping me at work. Are they allowed to do that?
The laws that this office oversees only apply to organizations and their employees, not individuals. This office does not have the power to force an individual to stop recording or to investigate after the fact.
Nevertheless, if the special care home is a trustee for the purposes of The Health Information Protection Act, it does have a duty to protect the personal health information of those in its care. If family members are making recordings, it may compromise the privacy of its patients. First, discuss the issue with your supervisor who can determine whether the organization is a trustee and can do anything to safeguard personal health information. Also, see our blog Surveillance in Personal Care Homes: A Case Study.