IPC

Understanding “fees” with ease! (updated)

In my experience, an applicant is sometimes confused when they receive a fee estimate from a government institution pursuant to The Freedom of Information and Protection of Privacy Act (FOIP), or a local authority pursuant to The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP). For example, the applicant questions why they need to pay fees to get access to their own personal information in the possession or under the control of a government institution or local authority (public body) or why certain fees were charged. I think understanding how the legislation governs “fees” may assist with understanding why a public body, may issue a fee estimate.

Fees are intended to provide for reasonable cost recovery for public bodies when providing records to applicants. A reasonable fee estimate is the one that is proportionate to the work required by the public body to respond efficiently and effectively to the applicant’s request. Public bodies should issue reasonable, fair and consistent fee estimates.

Section 9 of FOIP and LA FOIP govern fees and subsection 9(2) of FOIP and LA FOIP state:

9(2) where the amount of fees to be paid by an applicant for access to records is greater than a prescribed amount, the head shall give the applicant a reasonable estimate of the amount, and the applicant shall not be required to pay for an amount greater than the estimated amount.

This prescribed amount of $100 is found in subsection 7(1) of The Freedom of Information and Protection of Privacy Regulations (FOIP Regulations) and subsection 6(1) of The Local Authority Freedom of Information and Protection of Privacy Regulations (LA FOIP Regulations).

There are generally five kinds of fees that a public body can include in its fee estimate: application; search; machine and operator costs; preparation; and reproduction of records. Below are the relevant sections from FOIP and LA FOIP and the accompanying regulations that govern fees:

Application fees:

Subsection 5(1) of the LA FOIP Regulations provides, “an application fee of $20 is payable at the time an application for access to a record is made.” FOIP does not have an application fee.

Fees for search of responsive records:

Subsection 6(2) of FOIP Regulations/ Subsection 5(3) of LA FOIP Regulations provide guidance on what fees can be charged for search efforts. Both subsections advise where time in excess of the prescribed amount (two hours for FOIP/ one hour for LA FOIP) is required by experienced staff to search for the responsive records, a fee of $15 per half-hour may be charged. Our office advises that it could take an experienced staff, one minute to search 12 pages of records, five minutes to search one drawer and three minutes to search an email account.
Subsection 7(2) of FOIP Regulations/ Subsection 6(2) of LA FOIP Regulations provides if actual fees are less than the original estimate, then the public body should refund the excess amount to the applicant.

Fees for machine and operator costs:

Subsection 6(3) of FOIP Regulations/ Subsection 5(4) of LA FOIP Regulations provide for the charging of additional fees when a machine and operator costs need to be factored into the search and retrieval of electronic data.

Fees for preparation of responsive records:

Subsection 6(2) of FOIP Regulations/ Subsection 5(3) of LA FOIP Regulations also provides the same guidance on fees for preparing records for disclosure. Our office advises that it could take an experienced staff, two minutes to sever one page of responsive record.

Fees for reproduction for responsive records:

Subsection 6(1) of FOIP Regulations/ Subsection 5(2) of LA FOIP Regulations provide guidance on the actual cost of reproduction of records, such as photocopy/ print-out cost, is prescribed at $0.25 per page. It should be noted that public body should charge no fees, if the record is provided to an applicant via email. Subsection 6(b.1) of FOIP Regulations/ 5(b.1) of LA FOIP Regulations provide that the public body could charge, the actual cost of the portable storage device; and where records exist in any other form than paper and electronic, these subsections provide that the public body can charge the actual cost of copying the records.

For further explanation as to how to calculate fees, see the following resources available on our website: IPC Guide to FOIP – Chapter 3 and IPC Guide to LA FOIP – Chapter 3.

Below are some best practices to reduce fee estimates for applicants and public bodies:

Best practices for applicants:
- When making an access to information request, list specific documents if possible and a specific time period in order to limit and focus the search efforts for the public body;
- If possible, narrow the scope of your request, based on the nature of the information you seek from a public body. Broadly worded requests require more time to process. More time to process = larger fees; and
- It is beneficial to work with the public body to reach a reasonable fee or resolution; however, if you remain dissatisfied with the fee estimate, you have a right to request a review from our office.

Best practices for public bodies:
- Pursuant to section 5.1 of FOIP and LA FOIP, public bodies have a “duty to assist”, which requires a public body to make every reasonable effort to identify and seek out records responsive to an applicant’s access to information request; to explain the steps in the process and to seek any necessary clarification on the nature or scope of the request within legislative timeframes;
- If possible, only complete the preliminary search (representative sample), not the full search prior to providing the fee estimate. This could save the amount of work a public body puts in before confirmation from the applicant that they wish to proceed;
- Remember that pursuant to subsection 9(3) of FOIP/ subsection 9(3) of LA FOIP, where a public body provides a fee estimate to an Applicant, the Applicant may be required to pay a deposit of an amount that does not exceed one-half of the estimated amount before a search is commenced. Therefore, it is advisable to issue a fee estimate within 3-10 days of receiving the access to information request; and
- It is beneficial to work with the applicant to reach a reasonable fee or resolution, which could avoid involvement from our office.

Public bodies can find more resources on our website that provide guidance for charging fees/ issuing fee estimates, such as:

Applicants and public bodies may find the following reports issued by our office helpful on this topic:

IPC Review Report 042-2019 – recommended that the Ministry reimburse the applicant the fees they paid;
IPC Review Report 034-2019 – found that the fee estimate was not reasonable;
IPC Review Report 102-2019 – found that the applicant did not provide enough evidence to support their request for a fee waiver;
IPC Review Report 106-2022 – found that fees for creating a query to search for emails and a PowerShell script was reasonable;
IPC Review Report 258-2022 – found a fee for a computer operator to search for and retrieve information from its human resource information system (HRIS) was appropriate; and
IPC Review Report 062-2023 – found that the fee estimate was not reasonable and recommended that the City reimburse the applicant part of the fee it had charged.

I am hopeful this blog, will help all with understanding why certain fees may be charged. For any questions, please contact our office at intake@oipc.sk.ca.

Providing a Record in the Format Requested by the Applicant

Applicants often request records in a format which is convenient for their use i.e., paper, word spreadsheet, Excel or comma-separated values (CSV) or pdf. I find that public bodies are comfortable providing records in paper format but when it comes to electronic formats, they lean toward a pdf format. It appears they believe that the data is more secure in pdf and thus, the applicant cannot change or manipulate the data.

Although I am not a security expert, my information is that the belief that the pdf format is tamper-proof is not true.

First, if a public body provides a record in paper format, an applicant can scan the record, white out parts, or edit the scanned version, re-print it and distribute it or post it on the internet.

If a public body provides the record in word or excel, the applicant can open the document, edit it and then distribute it or post it. Similarly, an applicant can do the same with a record in CSV format.

Finally, if the applicant has Adobe Acrobat Pro, and receives a record in pdf, the applicant can do a number of things. He or she can edit it, save it as a word document or export it into an excel spreadsheet, and distribute it or post it to the internet.

So whatever format is used, a person intent on manipulation can change it and distribute the changed record. Public bodies need to accept there is a risk of people altering the records they provide and remember their duty to assist (section 5.1 of FOIP and LA FOIP). In other words, provide the record in the format requested.

Of course, if it is electronically impossible to produce it in the format requested, the public body should assist by providing the record in the next most practical format (subsections 10(2) to 10(4) of FOIP and LA FOIP).

The best advice to public bodies is to keep and store the record in the format they provided it in, to the applicant. If the applicant manipulates and publishes, the public body can say that was not the record that they provided and can prove it as they have the original and a copy of what was sent.

Duty to Assist – Ask, What Do You Need?

The Freedom of Information and Protection of Privacy Act (FOIP) and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) since 2018, have a section on the duty to assist, it provides as follows:

5.1(1) Subject to this Act and the regulations, a government institution shall respond to a written request for access openly, accurately and completely.

(2) On the request of an applicant, the government institution shall:

(a) provide an explanation of any term, code or abbreviation used in the information; or

(b) if the government institution is unable to provide an explanation in accordance with clause (a), endeavour to refer the applicant to a government institution that is able to provide an explanation.

We treat this as an obligation for a public body (government institution or local authority) to assist the applicant as much as possible.

FOIP and LA FOIP also have a section on clarifying an access request which provides:

6(1) An applicant shall:

(a) make the application in the prescribed form to the government institution in which the record containing the information is kept; and

(b) specify the subject matter of the record requested with sufficient particularity as to time, place and event to enable an individual familiar with the subject-matter to identify the record.

…

(3) Where the head is unable to identify the record requested, the head shall advise the applicant, and shall invite the applicant to supply additional details that might lead to identification of the record.

…

Applicants sometimes draft their access requests extremely broad. That results in possibly thousands of pages to be copied and sent. That is a lot of work for the staff member and potentially a large fee for the applicant.

My office discourages public bodies from asking why the applicant wants the information, but it can be reasonable to ask the applicant “what do you need?” An answer to that question increases understanding, possibly narrows the scope of the access request, and may result in the applicant getting the records sooner, reduces the fee or results in no fee at all.

I emphasize that the “what do you need” question might be asked in certain circumstances. The applicant may have already stated his or her purpose or made it clear exactly what they wanted. In those instances, there is no need to ask.

It is also important to frame your question in a certain way. You might say:

“I have a duty to assist you, and to better assist you, if you tell me what information you need, that will help me get you the records you want”,
“I read your access request and I need some clarification as to what information you are seeking”, or
“What is it that you require in terms of information?”

Now the applicant may refuse to answer your question and if so, then you must do your best to read the access request and provide those records requested.

I would suggest you never ask an applicant what they are going to do with the information. They are entitled to records under section 5 of FOIP or LA FOIP and what they do with that information is entirely up to them. They may want it because they want to know, they may want to write an MLA or a minister or they may want to contact the media or post the information on a website. If the applicant is from the media, you know they are working on a story. They are doing their job. Those are all legitimate actions, and a citizen is free to do whatever he or she wishes with the record.

On the other hand, if a staff member understands what the applicant needs, that staff member can read the access request, interpret it, and provide the applicant information or records that help meet the applicant’s needs. Again, I repeat, the applicant does not have to say why and a refusal not to say, should always be respected.

A word of encouragement to applicants. Before you write out your access request, you should think about why you want the information and what you are going to do with it. An access request for less information might just let you get that information sooner and for a reduced or no fee. Broad access requests increase the chances that you will get a higher fee quote. You could also telephone the public body and say I am making an access request, and can you tell me the files or file folder I should ask to be searched. Now you might not trust the public body, so in that case don’t ask such questions.

Applicants, when you are asked by the staff member the question “what do you need”, and you determine the staff member is trying to be helpful, tell them what you really are trying to get copies of. It might just get you the information sooner at no cost. Remember if you don’t’ get all that you want, you can always make a second access request.

So, to sum up, knowing “what you need” can help reduce the number of records to be produced, the work involved and sometimes the fees. It is worth it for public bodies and applicants to work together to reduce work, time to respond and fees.

The Law Society Issues “Guidelines for the Use of Generative AI in the Practice of Law”

The Law Society of Saskatchewan has issued guidelines for the use of generative AI in a lawyer’s practice. You can read that guideline here. The Law Society has also issued three brief videos on the guidelines (Bite Size CPD 124, 125 & 126). You can watch them here.

When you read the guideline, you will see how many of the statements could apply to any profession and in particular the health professions. It talks about the responsibilities of confidentiality, communications and the risks of discrimination and harassment. I would encourage every profession to consider developing a guideline specifically tailored to their profession and develop in person or online training that helps each member become familiar with the benefits and risks of generative AI.

In fact, I would encourage public bodies and health trustees to read the Law Society guideline and consider whether they should develop their own guideline and training.

I hear the experts say there are benefits and risks. All of us will want to take advantage of the benefits and all of us should recognize the risks and take steps to mitigate those risks.

When We Cannot Help You

My office gets calls from residents when they are expecting us to solve their problem. We receive approximately 1300 calls a year. Some of those citizens have called other agencies or public bodies. They may have called the Ombudsman or the Advocate for Children and Youth office, the Ministry of Social Services, Saskatchewan Human Rights Commission, MLA’s office or Ministry of Justice and Attorney General. I understand they may be frustrated and would just like a solution to their problem. I need to say we probably cannot help you unless the issue is access or privacy related, and the proper processes have been followed. We have a narrow mandate.

Here is what we can do. If you have asked a public body for records and they have refused to provide those records to you, we might be able to help. You need to know that those public bodies have the right to withhold certain information from you. Parts III and IV of The Freedom of Information and Protection of Privacy Act (FOIP) and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) sets out those exemptions. If we find the exemptions apply, we will not recommend those records be released to you.

If the public body wants to charge you a fee that appears to be unreasonable, we can review that fee.

If a public body fails to respond appropriately to your access request within 30 days, we can review their refusal.

If you feel your personal information or personal health information has been improperly collected, used or disclosed, you can ask my office to investigate the public body’s actions to determine whether there was a privacy breach.

These are some of the things we can do.

You might have staff in my office saying to you “we don’t have jurisdiction, or we don’t have grounds to proceed with a review or an investigation.” The Legislative Assembly has given my office certain powers, and it is only those powers that we can exercise. So, if we say, “we cannot help you”, that is another way of saying we do not have the legislative authority to help you.

We might suggest you contact another office but that is just trying to be helpful.

So, before you call, think about what you expect us to do for you. We might recommend you get some records, get a reduced fee or help to ensure a public body appropriately responds to a privacy breach involving your personal information, but we won’t be able to solve any other problem.

Recent Headlines Give me Concern

In the past weeks, media have speculated on health issues pertaining to a high-profile person in the public eye. One of those headlines involved allegations of an attempted breach of personal health information, which you can find here.

The people of Saskatchewan should rest assured that we have laws that prohibit snooping into their personal information and personal health information. In our province, everyone is entitled to privacy, free from unauthorized intrusions or snooping into their confidential medical and other personal information.

Individuals who are in the public eye, are equally entitled to these protections. People may have jobs or roles that invite or attract media attention, but with very few exceptions, they maintain the right to see restrictions on how personal information or personal health information about them is used and if it is disclosed – the very essence of privacy in a democratic society. We can debate how much of their life is private or public, but I hope we all agree that their personal health information, whether it is cancer, diabetes, or a heart condition, is deserving of the same protections that we all enjoy.

Some public officials choose to make public their health issues to put focus on a particular disease or condition. I admire them when they do that. Their goal may be to educate and support those with a similar condition. On the other hand, there are those who choose to keep their health issues to themselves, and we should respect their right to do so.

The Health Information Protection Act prohibits snooping into other’s personal health information. This applies to those that work in the health sector including staff and physicians and to others who may attempt to break into our health care databases. It is an offense and if caught, there can and should be consequences.

We have had our own experiences with unauthorized access to personal health information. For example, I issued an Investigation Report in January 2024, where I found that a doctor working in Saskatchewan was snooping. You can read it here.

Whether motivated by curiosity, or the desire for profit, in spite of the law, some will be tempted to snoop. That’s why health care providers and others that work for trustees in Saskatchewan are required to take steps to protect personal health information. Guidance is available on my office’s website on the steps that can be taken to reduce the risk of snooping. In addition to requirements to raise awareness, trustees must train staff and audit and monitor the use of personal health information and utilize technological solutions that can help detect and deter snooping.

Recently, in Ontario, The Ottawa Hospital piloted some software with AI functionality to monitor health information systems to detect snooping. I think we should study this type of software in Saskatchewan to see if it is reliable and safe.

Let’s make every reasonable effort to ensure that those who are tempted to snoop are not successful and personal health information is protected. And please respect other’s rights to privacy at all times and recognize the sensitive nature of their health care issues. If you don’t, be aware that there are consequences.

R. v. Bykovets – Privacy and the Internet

In a recent decision called R. v. Bykovets, 2024 SCC 6, the Supreme Court of Canada (SCC) ruled that the police must get a warrant before obtaining access to an individual’s Internet Protocol (IP) address from a third party. In a news release, the British Columbia Civil Liberties Association, an intervenor in the case, called the decision a huge victory for online privacy.

The case involves an individual who was charged with having made fraudulent online purchases from a liquor store. The company that managed the store’s online sales provided the police with the accused’s IP address voluntarily. The accused claimed that this action violated section 8 of the Charter.

The decision, in favour of the privacy rights of the accused, is significant for many reasons including that it recognizes the importance of individuals’ right to privacy in a free and democratic society. Justice Karakatsanis, who wrote the majority decision, stated:

Personal privacy is vital to individual dignity, autonomy, and personal growth. Its protection is a basic prerequisite to the flourishing of a free and healthy democracy.

It also recognizes that an IP address may reveal sensitive personal information about an individual. Further, it finds that the IP address is deserving of protections against unreasonable search or seizure under section 8 of the Canadian Charter of Rights and Freedoms (Charter).

This is not the first time that the SCC has found that the Charter guarantees Canadians a right of privacy. In previous rulings, it has recognized several kinds of privacy namely, physical, or bodily privacy, territorial privacy, privacy of communications and informational privacy.

In R. v. Dyment, the SCC stated that informational privacy is based on the notion of dignity and integrity of the individual and is based on the idea that all information about a person is their own.

IP addresses may reveal sensitive personal information

Writing for the majority of the SCC, Justice Karakatsanis describes an IP address as a unique identification number that identifies the source of every online activity and connects that activity (through a modem) to a specific location.

She added that IP addresses may reveal deeply personal information such as the identity of the device’s user. When correlated with other online information associated with that IP address, it reveals “the first digital breadcrumb that can lead the state on the trail of an individual’s Internet activity.” She wrote that third party websites can track the IP address of each user and added that some websites, such as Google, also collect massive amounts of other information, such as information about users’ searches and location.

Privacy oversight authorities have long recognized the detailed nature of the information that can be discovered through access to an IP address. The federal Office of the Privacy Commissioner issued a paper in May of 2013 which describes the information that could be revealed from a phone number, email address, and an IP address. The paper concluded that knowledge of subscriber information such as phone numbers and IP addresses can provide a starting point to compile a picture of an individual’s online activities, including the individual’s personal interests and organizational affiliations.

While the question of whether an IP address would qualify as personal information under Saskatchewan’s access and privacy laws was not before the SCC in this case, its findings could be relevant to that analysis.

For examples of circumstances where our office has found that an individual’s IP address qualifies as personal information pursuant to subsections 24(1)(e) and (k) of The Freedom of Information and Protection of Privacy Act (FOIP) or subsection 23(1)(e) and (k) of The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) see Review Report 147-2022 and Review Report 186-2019.

Application of section 8

Section 8 of the Charter is intended to protect individuals from unjustified state intrusions (such as searches or seizures) upon their privacy. The scope of the protections offered by section 8 is limited by the reasonableness of the individual’s expectation of privacy in a given set of circumstances. This means that when applying section 8 in the context of a law enforcement investigation, the courts weigh or balance reasonable expectations of privacy against legitimate police investigative techniques.

Regarding whether a reasonable expectation of privacy existed, Justice Karakatsanis wrote:

The “reasonable expectation of privacy” analysis revolves around the potential of a particular subject matter to reveal an individual’s biographical core to the state, not whether the IP addresses revealed information about the appellant on these facts. …In my view, the ever-increasing intrusion of the Internet into our private lives must be kept in mind in deciding this case. It is widely accepted that the Internet is ubiquitous and that vast numbers of Internet users leave behind them a trail of information that others gather up to different ends, information that may be pieced together to disclose deeply private details. And, as the expert evidence describes, an IP address is attached to all online activity; it is a fundamental building block to all Internet use. This social context of the digital world is necessary to a functional approach in defining the privacy interest afforded under the Charter to the information that could be revealed by an IP address.

In balancing the reasonable expectation of privacy against the need to combat online crime, the decision recognizes society’s legitimate interest in public safety and security, and the suppression of crime. It notes that the ways in which crimes are committed has evolved with technological developments and police must have tools to investigate these crimes.

The majority concluded its analysis by stating that the burden imposed by recognizing a reasonable expectation of privacy in IP addresses is not onerous as it would only add another step in the investigation process – the need to obtain a warrant.

Many readers will know that the access and privacy laws overseen by our office, FOIP, LA FOIP and The Health Information Protection Act, protect informational or data privacy. They do this by setting rules for the collection, safeguarding, retention, use and disclosure of personal information or personal health information.

Section 8 of the Charter may not apply when most public bodies and trustees engage with individuals through online services or internet-based communications because the activity may not qualify as a search or seizure. However, in light of the SCC findings on IP addresses, they should be aware of the type of information that may be collected through online engagement with the public and what privacy protections need to be in place.

Individuals and organizations may be interested in the resources available regarding privacy, the internet and the Charter on the Office of the Privacy Commissioner of Canada’s (OPC) website. Organizations with law enforcement mandates may be interested in the OPC’s guide titled “A Matter of Trust: Integrating Privacy and Public Safety in the 21st Century”.

More information about the Charter and how it protects privacy, can also be found in our office’s Guide to FOIP and Guide to LA FOIP.

For any questions, contact intake@oipc.sk.ca

New Guidance on Survey Research

Governments institutions and local authorities often use surveys to collect public views and opinions on new programs and services, and to support informed policy development. As part of its public engagement strategy, the Government of Saskatchewan website states that it routinely polls residents of Saskatchewan for information to help guide policy decisions. The website lists public opinion polls conducted in recent years.

The University of Regina (U of R) has a survey research unit that provides survey and research expertise to students, faculty members and other groups on campus. The U of R has also developed a policy that governs surveys involving sampling of current and prospective students, and alumni and staff.

As of February 2024, Statistics Canada reported that it had 471 active surveys in the collection stage.

With the exponential growth in online government service delivery brought on by the pandemic, it is not surprising that government institutions and other organizations are increasingly using online survey tools and platforms.

There has been some media attention in the past on high profile online surveys. Media have reported on the Government of Saskatchewan’s cannabis survey and the federal government survey into medical aid in dying. In an article published in April 2019, CBC reported that the Saskatchewan Government has been in the habit of surveying the public on major issues noting a trend of surveying on the future of education in the province.

Where survey projects involve the collection, retention, use, disclosure and disposal of personal information, public bodies conducting surveys need to take steps to ensure compliance with Saskatchewan’s access and privacy laws.

My office has released a guide for public bodies on how to address the privacy risks when conducting surveys and the strategies for managing those risks, including online surveys.

There are separate rules and considerations that would arise when a trustee as defined in The Health Information Protection Act (HIPA) seeks to collect personal health information as part of a survey. The guide does not consider the potential impact and specific requirements of HIPA but is focused on the use of surveys by public bodies or organizations.

If your organization does not have a policy and procedure in place for conducting surveys and expects to be conducting multiple surveys, it should consider developing standards. Many universities, including the U of R, have developed guidance or policies on conducting surveys. The University of Saskatchewan has a master agreement with an online survey provider and a policy that governs the use of that survey tool.

For another example, see the Government of Canada Standards for the Conduct of Government of Canada Public Opinion Research – Online Surveys which were updated in 2020.

For further information consult the guidance document. For any questions, contact intake@oipc.sk.ca

Avoiding the Travelling Blues

As Homer Simpson said, it’s Smarch! It’s that lousy time of year when we’re probably digging ourselves out of snowstorms and simultaneously calling our travel agents. While you jump start your summer by going on a late-winter holiday, don’t forget to be privacy and security aware. The last thing you want when you travel is to have your data breached or identity stolen. The following tips can help!

Don’t use public WiFi networks. These are not secure. Instead, use your phone’s data to connect to the internet.
When not using them, turn off WiFi, GPS or Bluetooth on your devices.
Secure your devices and accounts by using strong passwords and two-factor authentication. Change your passwords when you get home.
Make sure your devices all have the latest security updates.
Take devices, such as phones or tablets, that you designate for travel. Keep what you store on these devices to the bare minimum of apps, photos, etc.
Turn on any tracking capabilities your devices have in case they’re lost or stolen. If you can remotely wipe a device such as your phone, learn how to do this before you set sail. At the same time, make sure you have backed up all important data to an external device that you left safely at home.
Keep your devices close to you. Lock them up in the hotel’s safe when you can’t take them with you. Never, ever leave any of your devices unattended. As we’re prone to leaving a device behind rather than having it stolen, double check when you’re leaving an area that you have your device with you.
Refrain from logging into accounts on public devices, like those in your hotel’s business centre. Devices such as these may have keyloggers and malware installed.
Avoid public USB chargers or charge ports. USB cables transfer data – criminals love accessing your data this way. When you can, directly plug your device into a power outlet.
Travel light by taking only the travel documents you need. Make copies of all your travel documents, including your ID, credit cards, or any other personal information you’re bringing. Leave these copies with someone you trust, such as a family member.
We all want to tell our friends on Facebook and Instagram about our travel plans, but it’s probably better to hold off until you return. No one needs to know you will be leaving your home empty for a week or two.
When you do get home, check your credit card statements to make sure there are no unauthorized or suspicious charges.

Data breaches or identify theft occur when devices, documents, etc., are stolen or left behind, or left vulnerable to cyber-attack. Always be privacy and security aware. It’ll make for a better holiday if you don’t have to deal with lousy Smarch weather AND a breach of your privacy or data.

A Discussion With Sharon Polsky

I had the pleasure of talking to Sharon Polsky, President of the Privacy and Access Council of Canada. Sharon has been the president of PACC since its inception. We discussed PACC’s accomplishments in 2023 and her hopes and objectives for 2024. We also discussed her thoughts regarding Bills C-26 and C-27. Please take some time out of your day to listen to our discussion here.