Nunavut’s privacy commissioner investigates government’s mail practices

Alberta promises increased privacy protections

British Columbians facing longer wait times to access records from BC Government

Ontario IPC blog on AI and the public sector

England’s ICO issues Tech Horizons Report

Guidelines for use of AI by lawyers

Federal Privacy Commissioner issues report on RCMP collection of data from third parties

Ontario IPC issues guidance on police use of facial recognition and mug shots

European Parliament passes landmark AI Act on March 13

Princess Kate-attempted breach of her personal information

When We Cannot Help You

When We Cannot Help You

My office gets calls from residents when they are expecting us to solve their problem. We receive approximately 1300 calls a year. Some of those citizens have called other agencies or public bodies. They may have called the Ombudsman or the Advocate for Children and Youth office, the Ministry of Social Services, Saskatchewan Human Rights Commission, MLA’s office or Ministry of Justice and Attorney General. I understand they may be frustrated and would just like a solution to their problem. I need to say we probably cannot help you unless the issue is access or privacy related, and the proper processes have been followed. We have a narrow mandate.

Here is what we can do. If you have asked a public body for records and they have refused to provide those records to you, we might be able to help. You need to know that those public bodies have the right to withhold certain information from you. Parts III and IV of The Freedom of Information and Protection of Privacy Act (FOIP) and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) sets out those exemptions. If we find the exemptions apply, we will not recommend those records be released to you.

If the public body wants to charge you a fee that appears to be unreasonable, we can review that fee.

If a public body fails to respond appropriately to your access request within 30 days, we can review their refusal.

If you feel your personal information or personal health information has been improperly collected, used or disclosed, you can ask my office to investigate the public body’s actions to determine whether there was a privacy breach.

These are some of the things we can do.

You might have staff in my office saying to you “we don’t have jurisdiction, or we don’t have grounds to proceed with a review or an investigation.” The Legislative Assembly has given my office certain powers, and it is only those powers that we can exercise. So, if we say, “we cannot help you”, that is another way of saying we do not have the legislative authority to help you.

We might suggest you contact another office but that is just trying to be helpful.

So, before you call, think about what you expect us to do for you. We might recommend you get some records, get a reduced fee or help to ensure a public body appropriately responds to a privacy breach involving your personal information, but we won’t be able to solve any other problem.

Recent Headlines Give me Concern

In the past weeks, media have speculated on health issues pertaining to a high-profile person in the public eye. One of those headlines involved allegations of an attempted breach of personal health information, which you can find here.

The people of Saskatchewan should rest assured that we have laws that prohibit snooping into their personal information and personal health information. In our province, everyone is entitled to privacy, free from unauthorized intrusions or snooping into their confidential medical and other personal information.

Individuals who are in the public eye, are equally entitled to these protections. People may have jobs or roles that invite or attract media attention, but with very few exceptions, they maintain the right to see restrictions on how personal information or personal health information about them is used and if it is disclosed – the very essence of privacy in a democratic society. We can debate how much of their life is private or public, but I hope we all agree that their personal health information, whether it is cancer, diabetes, or a heart condition, is deserving of the same protections that we all enjoy.

Some public officials choose to make public their health issues to put focus on a particular disease or condition. I admire them when they do that. Their goal may be to educate and support those with a similar condition. On the other hand, there are those who choose to keep their health issues to themselves, and we should respect their right to do so.

The Health Information Protection Act prohibits snooping into other’s personal health information. This applies to those that work in the health sector including staff and physicians and to others who may attempt to break into our health care databases. It is an offense and if caught, there can and should be consequences.

We have had our own experiences with unauthorized access to personal health information. For example, I issued an Investigation Report in January 2024, where I found that a doctor working in Saskatchewan was snooping. You can read it here.

Whether motivated by curiosity, or the desire for profit, in spite of the law, some will be tempted to snoop. That’s why health care providers and others that work for trustees in Saskatchewan are required to take steps to protect personal health information. Guidance is available on my office’s website on the steps that can be taken to reduce the risk of snooping. In addition to requirements to raise awareness, trustees must train staff and audit and monitor the use of personal health information and utilize technological solutions that can help detect and deter snooping.

Recently, in Ontario, The Ottawa Hospital piloted some software with AI functionality to monitor health information systems to detect snooping. I think we should study this type of software in Saskatchewan to see if it is reliable and safe.

Let’s make every reasonable effort to ensure that those who are tempted to snoop are not successful and personal health information is protected. And please respect other’s rights to privacy at all times and recognize the sensitive nature of their health care issues. If you don’t, be aware that there are consequences.

 

R. v. Bykovets – Privacy and the Internet

In a recent decision called R. v. Bykovets, 2024 SCC 6, the Supreme Court of Canada (SCC) ruled that the police must get a warrant before obtaining access to an individual’s Internet Protocol (IP) address from a third party. In a news release, the British Columbia Civil Liberties Association, an intervenor in the case, called the decision a huge victory for online privacy.

The case involves an individual who was charged with having made fraudulent online purchases from a liquor store. The company that managed the store’s online sales provided the police with the accused’s IP address voluntarily. The accused claimed that this action violated section 8 of the Charter.

The decision, in favour of the privacy rights of the accused, is significant for many reasons including that it recognizes the importance of individuals’ right to privacy in a free and democratic society. Justice Karakatsanis, who wrote the majority decision, stated:

Personal privacy is vital to individual dignity, autonomy, and personal growth. Its protection is a basic prerequisite to the flourishing of a free and healthy democracy.

It also recognizes that an IP address may reveal sensitive personal information about an individual. Further, it finds that the IP address is deserving of protections against unreasonable search or seizure under section 8 of the Canadian Charter of Rights and Freedoms (Charter).

This is not the first time that the SCC has found that the Charter guarantees Canadians a right of privacy. In previous rulings, it has recognized several kinds of privacy namely, physical, or bodily privacy, territorial privacy, privacy of communications and informational privacy.

In R. v. Dyment, the SCC stated that informational privacy is based on the notion of dignity and integrity of the individual and is based on the idea that all information about a person is their own.

IP addresses may reveal sensitive personal information

Writing for the majority of the SCC, Justice Karakatsanis describes an IP address as a unique identification number that identifies the source of every online activity and connects that activity (through a modem) to a specific location.

She added that IP addresses may reveal deeply personal information such as the identity of the device’s user. When correlated with other online information associated with that IP address, it reveals “the first digital breadcrumb that can lead the state on the trail of an individual’s Internet activity.” She wrote that third party websites can track the IP address of each user and added that some websites, such as Google, also collect massive amounts of other information, such as information about users’ searches and location.

Privacy oversight authorities have long recognized the detailed nature of the information that can be discovered through access to an IP address. The federal Office of the Privacy Commissioner issued a paper in May of 2013 which describes the information that could be revealed from a phone number, email address, and an IP address. The paper concluded that knowledge of subscriber information such as phone numbers and IP addresses can provide a starting point to compile a picture of an individual’s online activities, including the individual’s personal interests and organizational affiliations.

While the question of whether an IP address would qualify as personal information under Saskatchewan’s access and privacy laws was not before the SCC in this case, its findings could be relevant to that analysis.

For examples of circumstances where our office has found that an individual’s IP address qualifies as personal information pursuant to subsections 24(1)(e) and (k) of The Freedom of Information and Protection of Privacy Act (FOIP) or subsection 23(1)(e) and (k) of The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) see Review Report 147-2022 and Review Report 186-2019.

Application of section 8

Section 8 of the Charter is intended to protect individuals from unjustified state intrusions (such as searches or seizures) upon their privacy. The scope of the protections offered by section 8 is limited by the reasonableness of the individual’s expectation of privacy in a given set of circumstances. This means that when applying section 8 in the context of a law enforcement investigation, the courts weigh or balance reasonable expectations of privacy against legitimate police investigative techniques.

Regarding whether a reasonable expectation of privacy existed, Justice Karakatsanis wrote:

The “reasonable expectation of privacy” analysis revolves around the potential of a particular subject matter to reveal an individual’s biographical core to the state, not whether the IP addresses revealed information about the appellant on these facts. …In my view, the ever-increasing intrusion of the Internet into our private lives must be kept in mind in deciding this case. It is widely accepted that the Internet is ubiquitous and that vast numbers of Internet users leave behind them a trail of information that others gather up to different ends, information that may be pieced together to disclose deeply private details. And, as the expert evidence describes, an IP address is attached to all online activity; it is a fundamental building block to all Internet use. This social context of the digital world is necessary to a functional approach in defining the privacy interest afforded under the Charter to the information that could be revealed by an IP address.

In balancing the reasonable expectation of privacy against the need to combat online crime, the decision recognizes society’s legitimate interest in public safety and security, and the suppression of crime. It notes that the ways in which crimes are committed has evolved with technological developments and police must have tools to investigate these crimes.

The majority concluded its analysis by stating that the burden imposed by recognizing a reasonable expectation of privacy in IP addresses is not onerous as it would only add another step in the investigation process – the need to obtain a warrant.

Many readers will know that the access and privacy laws overseen by our office, FOIP, LA FOIP and The Health Information Protection Act, protect informational or data privacy. They do this by setting rules for the collection, safeguarding, retention, use and disclosure of personal information or personal health information.

Section 8 of the Charter may not apply when most public bodies and trustees engage with individuals through online services or internet-based communications because the activity may not qualify as a search or seizure. However, in light of the SCC findings on IP addresses, they should be aware of the type of information that may be collected through online engagement with the public and what privacy protections need to be in place.

Individuals and organizations may be interested in the resources available regarding privacy, the internet and the Charter on the Office of the Privacy Commissioner of Canada’s (OPC) website. Organizations with law enforcement mandates may be interested in the OPC’s guide titled “A Matter of Trust: Integrating Privacy and Public Safety in the 21st Century”.

More information about the Charter and how it protects privacy, can also be found in our office’s Guide to FOIP and Guide to LA FOIP.

For any questions, contact intake@oipc.sk.ca

New Guidance on Survey Research

Governments institutions and local authorities often use surveys to collect public views and opinions on new programs and services, and to support informed policy development. As part of its public engagement strategy, the Government of Saskatchewan website states that it routinely polls residents of Saskatchewan for information to help guide policy decisions. The website lists public opinion polls conducted in recent years.

The University of Regina (U of R) has a survey research unit that provides survey and research expertise to students, faculty members and other groups on campus. The U of R has also developed a policy that governs surveys involving sampling of current and prospective students, and alumni and staff.

As of February 2024, Statistics Canada reported that it had 471 active surveys in the collection stage.

With the exponential growth in online government service delivery brought on by the pandemic, it is not surprising that government institutions and other organizations are increasingly using online survey tools and platforms.

There has been some media attention in the past on high profile online surveys. Media have reported on the Government of Saskatchewan’s cannabis survey and the federal government survey into medical aid in dying. In an article published in April 2019, CBC reported that the Saskatchewan Government has been in the habit of surveying the public on major issues noting a trend of surveying on the future of education in the province.

Where survey projects involve the collection, retention, use, disclosure and disposal of personal information, public bodies conducting surveys need to take steps to ensure compliance with Saskatchewan’s access and privacy laws.

My office has released a guide for public bodies on how to address the privacy risks when conducting surveys and the strategies for managing those risks, including online surveys.

There are separate rules and considerations that would arise when a trustee as defined in The Health Information Protection Act (HIPA) seeks to collect personal health information as part of a survey. The guide does not consider the potential impact and specific requirements of HIPA but is focused on the use of surveys by public bodies or organizations.

If your organization does not have a policy and procedure in place for conducting surveys and expects to be conducting multiple surveys, it should consider developing standards. Many universities, including the U of R, have developed guidance or policies on conducting surveys. The University of Saskatchewan has a master agreement with an online survey provider and a policy that governs the use of that survey tool.

For another example, see the Government of Canada Standards for the Conduct of Government of Canada Public Opinion Research – Online Surveys which were updated in 2020.

For further information consult the guidance document. For any questions, contact intake@oipc.sk.ca

Avoiding the Travelling Blues

As Homer Simpson said, it’s Smarch! It’s that lousy time of year when we’re probably digging ourselves out of snowstorms and simultaneously calling our travel agents. While you jump start your summer by going on a late-winter holiday, don’t forget to be privacy and security aware. The last thing you want when you travel is to have your data breached or identity stolen. The following tips can help!

  • Don’t use public WiFi networks. These are not secure. Instead, use your phone’s data to connect to the internet.
  • When not using them, turn off WiFi, GPS or Bluetooth on your devices.
  • Secure your devices and accounts by using strong passwords and two-factor authentication. Change your passwords when you get home.
  • Make sure your devices all have the latest security updates.
  • Take devices, such as phones or tablets, that you designate for travel. Keep what you store on these devices to the bare minimum of apps, photos, etc.
  • Turn on any tracking capabilities your devices have in case they’re lost or stolen. If you can remotely wipe a device such as your phone, learn how to do this before you set sail. At the same time, make sure you have backed up all important data to an external device that you left safely at home.
  • Keep your devices close to you. Lock them up in the hotel’s safe when you can’t take them with you. Never, ever leave any of your devices unattended. As we’re prone to leaving a device behind rather than having it stolen, double check when you’re leaving an area that you have your device with you.
  • Refrain from logging into accounts on public devices, like those in your hotel’s business centre. Devices such as these may have keyloggers and malware installed.
  • Avoid public USB chargers or charge ports. USB cables transfer data – criminals love accessing your data this way. When you can, directly plug your device into a power outlet.
  • Travel light by taking only the travel documents you need. Make copies of all your travel documents, including your ID, credit cards, or any other personal information you’re bringing. Leave these copies with someone you trust, such as a family member.
  • We all want to tell our friends on Facebook and Instagram about our travel plans, but it’s probably better to hold off until you return. No one needs to know you will be leaving your home empty for a week or two.
  • When you do get home, check your credit card statements to make sure there are no unauthorized or suspicious charges.

Data breaches or identify theft occur when devices, documents, etc., are stolen or left behind, or left vulnerable to cyber-attack. Always be privacy and security aware. It’ll make for a better holiday if you don’t have to deal with lousy Smarch weather AND a breach of your privacy or data.

 

A Discussion With Sharon Polsky

I had the pleasure of talking to Sharon Polsky, President of the Privacy and Access Council of Canada. Sharon has been the president of PACC since its inception. We discussed PACC’s accomplishments in 2023 and her hopes and objectives for 2024. We also discussed her thoughts regarding Bills C-26 and C-27. Please take some time out of your day to listen to our discussion here.

“Unlocking Health Care: How to Free the Flow of Life-Saving Health Data in Canada”: An appeal from Canada’s Public Policy Forum

The Canadian Public Policy Forum’s (PPF) recent report entitled, “Unlocking Health Care: How to Free the Flow of Life-Saving Health Data in Canada” has received a lot of media attention since its release last week. It included some important recommendations relating to the need to ensure personal health information is accessible digitally to all patients and health care providers in a timely, and privacy and security protective manner.

For context, it’s the third report in a three-part study that sought to address what it described as “the shortcomings in Canada’s precious health-care systems.” The first report dealt with accessibility to health services. The second report focused on the delivery of primary care.

Our office is a proponent of secure, privacy protective health information systems that enable secure and appropriate retention, access, use and disclosures of personal health information. We appreciate that there is great value in interoperable digital health records for all residents of Canada. Moreover, we know that privacy is not a barrier to innovation.

Long before the PPF wrote about the value of privacy-protective digital health innovations, Canadian privacy authorities passed a resolution entitled, “Securing Public Trust in Digital Healthcare” calling for concerted effort, leadership and resolve in implementing a modern, secure and interoperable digital health communications infrastructure.

The PPF paper is noteworthy because it explained how better health outcomes for Canadians can be achieved with “a high functioning, data- and digital rich system.” The paper uses a series of case studies illustrating how technology can support timely and efficient health care delivery.

The paper also provided examples of how antiquated communications systems can frustrate timely and appropriate health care services. Not surprisingly, the PPF included a number of examples relating to the use of fax machines to communicate. In one example, a physician working in a family clinic and in a number of hospitals in their province, explained how test results intended for them are regularly sent by fax to the wrong clinic or office.

The PPF paper noted that one consequence of these types of incidents or privacy breaches is the psychological impact on patients and physicians who are frustrated spending time chasing down faxes. It stated:

Canada’s continued reliance on phone calls with no return number, paper letters and fax machines impede critical referrals and prescriptions, potentially lifesaving acts of care. Our seeming inability to move beyond outmoded forms of communication delays vital treatments and extracts a psychological toll on patients and the people caring for them, who often must chase down a misdirected or overlooked fax. We cannot state it strongly enough: lives depend on this information.

The paper reported that in one study, e-referral systems shaved 21.4 days off wait times for Canadian orthopaedic surgeons compared with paper-based referrals, such as faxing.

Our office has had its own experience that illustrates how a paper-based system poses a serious risk to privacy. Since 2018, our office has opened approximately 84 files and issued 18 investigation reports involving misdirected faxes. Many of the reports involved multiple misdirected faxes.

For example, Investigation Report 045-2021, et al, involved 23 misdirected health records originating from four different trustees and Investigation Report 164-2023, et al, involved 86 misdirected health records. As there is no requirement to report breaches to our office, we would have no idea how many privacy breaches have resulted from misdirected faxes in Saskatchewan.

In Ontario, the former Information and Privacy Commissioner noted in his 2021 Annual Report, that his office received 4,848 breach reports related to misdirected faxes.

The PPF paper concluded with twelve recommendations as to how governments and partners can work towards making all health records accessible digitally by 2028. While the recommendations are presented as key to achieving these goals, I was particularly pleased to see that among the recommendations is a recommendation that Canada prioritize national safeguards for the collection, analysis, sharing and use of health data.

According to the report, this included ensuring that privacy and security of health data must be preserved in a way that maximizes the benefits for individuals and for the community at large.

The report also recommended a commitment to being paperless, interoperable and with seamless user access by 2028, starting with eliminating transmission of medical information by fax machines in 2024.

Finally, it recommended that e-consultations, e-referrals and e-prescriptions between all clinical service providers should be made available through fully interoperable digital health platforms.

We commend the PPF for its work and encourage you to read the report.

For any questions, contact intake@oipc.sk.ca

Cyber Security Threats – How can you Prepare and What to do After

Cyber security threats are becoming an ever-growing issue as technology and digital information continues to grow and evolve. These types of incidents are a malicious means to steal or destroy data or disrupt computer systems and could result in a breach of personal or personal health information if they do occur. Some common security threats include malware, phishing, and ransomware.

What steps can an organization take to reduce the risk of a cyber security incident and any potential breaches that may come from it? The following are some things to consider:

  • Keep your software and systems updated regularly.
  • Use strong passwords and change them frequently to limit the risk.
  • Use security software and a firewall to protect your network and data.
  • Use multi-factor authentication for your accounts.
  • Back up your data regularly.
  • Train yourself and your staff on basic cyber security principles and how to spot suspicious activity.
  • If you use an outside information technology provider or information management services provider (IMSP), be sure to have agreements in place for regular monitoring of security threats and updating of any security software.
  • Develop and follow cyber security policies and procedures.
  • Have a cyber incident management plan in place so that managing the attack can begin immediately and staff will know their role.

A cyber security incident has occurred – now what?

Implement your cyber security incident management plan which may include things like the following:

  • Identify potential evidence, preserve it, and ensure nothing is lost or damaged.
  • Isolate your network from the Internet and activate your incident response plan.
  • Take note of who was present in your organization before, during, and after the incident.
  • Appoint a point of contact for law enforcement officers to speak to directly and gather information about the incident.
  • Document the report number provided to you by law enforcement.
  • Anticipate law enforcement may need access to your equipment to analyze the technological components of the cyber incident. The police will work with you to collect evidence while minimizing the impacts to your business and recovery efforts.
  • Provide logs, employee statements, emails, and other similar items as potential evidence.
  • Produce a list of key contacts within your organization for law enforcement.
  • Communicate the incident to staff, business associates, clients, and partners.
  • Review your cyber security policies and ensure your staff receive training.
  • Consider purchasing anti-malware and anti-virus software for your network and devices.
  • Enhance your data security with protective measures (e.g., firewalls, virtual private networks, encryption).
  • Prepare your organization for the possibility of testifying in court.

Government of Canada. (November 2021). Have you been a victim of cybercrime?

https://www.cyber.gc.ca/en/guidance/have-you-been-victim-cybercrime

Our office has issued some investigation reports involving this topic:

Investigation Report 009-2020, 053-2020, 224-2020

Investigation Report 398-2019, 399-2019, 417-2019, 005-2020, 019-2020, 021-2020

Investigation Report 370-2022

Investigation Report 098-2021

Some resources available for information on these types of incidents:

Chatbots and Security

Ransomware

Ransomware – What Everyone Should Know

Security and Phishing Presentation

S2 – Episode 7: Unmasking digital threats: How to guard against cyber crime

 

Raising Awareness of the Facts about Fax

The ongoing use of traditional fax machines to send personal information and personal health information by government institutions and trustees continues to raise privacy concerns. My office and Canada’s other privacy commissioners and ombudspersons called for a concerted effort to phase out the use of traditional fax machines in a September 2022 resolution which can be found here. We understand that developing this plan will require broad consultations and additional resources. However, we continue to urge organizations to address this problem on an urgent basis. Public trust and confidence in organizations’ ability to protect Saskatchewan residents’ personal information and personal health information hangs in the balance.

In the meantime, we continue to receive complaints and reported breaches of misdirected faxes that are caused in part by human error. Staff may enter a number in the fax machine incorrectly, fail to comply with policies that require the use of pre-programmed fax numbers or rely on fax numbers found through unverified sources, such as Google. These errors are often caused by inattention, or lack of awareness or training on applicable policies. The office issued an investigation report in November 2022 involving two Saskatchewan Health Authority employees who entered an incorrect fax number in the fax machine. They sent one of the faxes to a Town instead of a public health office. They sent the other fax to the Parole Board of Canada’s office instead of a physician.

Trustees should be aware that the shift from traditional fax machines to digital fax solutions is not sufficient, by itself, to reduce privacy risks. This was shown in Investigation Report 164-2023, et al, which involved 12 different trustees and numerous misdirected faxes. In most cases, the trustees used digital faxing systems. The breaches occurred when staff sent faxes intended for one physician to a different physician with the same last name. In some cases, the faxes were misdirected because the employee involved did not receive clear direction on the recipient. In other cases, the fax was misdirected because of errors in the physician directory or because the employee chose the wrong physician from a drop-down list in the directory.

In September 2020, my office issued guidance on the safeguards to prevent misdirected faxes titled, Faxing PI and PHI. While plans are being developed to discontinue the use of traditional fax machines, every effort must be made to ensure that appropriate safeguards are in place to prevent faxes from going astray. We encourage all organizations to revisit this guidance.

To help ensure that staff are aware of their need to comply with existing policy and to exercise caution when faxing, we have developed a poster that you can download and place in key areas.

Remember that a policy is not enough! Creating a privacy sensitive culture requires that organizations raise levels of awareness of privacy risks and provide appropriate training.

For any questions, contact intake@oipc.sk.ca

Privacy Matters

Advocate’s Report on Independent Schools

The Saskatchewan Advocate for Children and Youth issued her investigation report regarding independent schools in December 2023. She made 36 recommendations, a number of which relate to the access and privacy world. The Freedom of Information and Protection of Privacy Act (FOIP) and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) deal with the collection, use, and disclosure of personal information, and the protection of that information by government institutions or local authorities. With that in mind, I note the following recommendations in the Advocate’s report:

External Accountability and Participation Rights of Young People

Recommendation 4: The Government of Saskatchewan amend The Registered Independent Schools Regulations to recognize the right and entitlement of all pupils of sufficient maturity to immediate access to all procedures established by the board of a registered independent school for the purposes of investigation and mediation of any differences or conflicts with the independent school.

Recommendation 5: The Government of Saskatchewan amend section 35 of The Registered Independent Schools Regulations to recognize the right and entitlement of all pupils of sufficient maturity attending, or having previously attended, registered independent schools to independently access their own records.

Recommendation 6: The Government of Saskatchewan amend section 35 of The Registered Independent Schools Regulations to protect the right of all pupils under 18 years of age from disclosures of information that would constitute an unreasonable invasion of the pupil’s privacy.

Recommendation 7: The Ministry of Education amend the Registered Independent Schools Policy and Procedures Manual to reflect changes made to The Registered Independent Schools Regulations related to access to records and protection of privacy, as recommended in this report.

Recommendation 8: The Government of Saskatchewan amend section 148 of The Education Act, 1995 to recognize the right and entitlement of all pupils of sufficient maturity to immediate access to procedures established by the board of education or the Conseil scolaire fransaskois for the purposes of investigation and mediation of any differences or conflicts with the school.

Data on Learning Output

Recommendation 25: The Ministry of Education review its processes of collection, entry, storage and tracking of data from registered independent schools on learning outputs, make improvements to ensure the accuracy of data in Ministry records and develop policy and procedures on these processes.

It is clear independent schools serve the needs of parents and their children. The more transparent an independent school is, the more parents and students will know what is happening in their school. At the same time, the better protected student information is, the more comfortable parents and students will be regarding their personal information. Finally, the easier it is for parents or students to access their information, the more comfortable they will be that the independent school is collecting the proper information and making sure that information is accurate.

Regular school boards in Saskatchewan have these obligations as they are subject to the rules of collection, use, disclosure and protection outlined in LA FOIP.

I have written the Minister of Education requesting that his government make independent schools local authorities under LA FOIP. I am hopeful that the Minister would give serious consideration to doing so.