Guardrails for Police Use of Investigative Genetic Genealogy in Ontario

Access to Information Act, Protection of Privacy Act implemented in Alberta

Commissioner Dufresne launches exploratory consultation on children’s privacy code

Survey conducted by OPC found that most parents worry about their children’s online privacy

Information and Privacy Commissioner of Ontario and The French Language Services Commissioner discuss your rights of access to information and services in French June 4, 2025

Ontario IPC releases a new independent research report on emerging technology- Emerging Uses of Neurotechnology.

Privacy Commissioner of Canada and UK Information Commissioner’s Office issue a joint letter regarding 23andMe’s bankruptcy proceedings

Instagram still posing serious risks to children, campaigners say

English Information Commissioner issues statement on police use of facial recognition technology (FRT)

BC OIPC provides instruction to delete a user account and DNA on 23andMe

Who signs for an adult?

Who signs for an adult?

Two of my staff were giving a presentation to an organization who has both children and adults in its care. Questions were asked about who could sign for the adult (18 or older) when that adult may not have capacity to sign or consent.  This question took me back to the work I did for 19 years.  I sat down with those staff and gave them a long explanation and by the time I finished, I realized I should do an article on the issue.

A person (an adult) is presumed to have capacity to sign a document or to consent unless a court has declared that the person does not have capacity.  Where a court so declares, there is a court order making the declaration and usually indicating who is the personal or property guardian for that person.  If the document or consent relates to a financial or property issue, the property guardian has the authority, unless limited by the court order.  If the document or consent relates to a personal matter, then the personal guardian has the authority to sign, unless limited by the court order.

It is also possible that a Certificate of Incapacity can be issued under The Public Guardian and Trustee Act and the Public Guardian and Trustee can acknowledge that it will act as property guardian.  In that instance, the Public Guardian and Trustee has authority to sign documents and consent, related to property matters, subject to any limitations in The Public Guardian and Trustee Act.

Many times, particularly with younger adults, there is a reluctance to trigger the court order or a Certificate of Incapacity process.  The court process can be expensive and there is a fear that the adult will be stigmatized by the making of the declaration of incapacity.  The adult may not have assets that would justify the time and cost of a court application.  In these instances, uncertainty can prevail as to the ability to sign a document or a consent.  Remember, an adult is presumed to have capacity unless there is a court order or a Certificate of Incapacity.

Capacity or incapacity is not just black and white.  Adults may function well in one area, but not function well in another area such as judgement.  Adults may act normally today, but on another day, it would appear that their abilities are impaired. Being on or off medications may be a factor.  Emotions and stress will also be a factor.  All of this is to say that on a particular day an adult may or may not have capacity to sign a document or consent.

So, when important decisions have to be made, how do those working with the adult determine whether the adult can sign a document or consent?

In large part, the steps to be taken will depend on the magnitude or gravity of the decision or the consent.  If it is an extremely important decision or document, greater care should be taken by professionals in assessing capacity.  Having the adult examined by a doctor, phycologist, psychiatrist, psychiatric nurse or other health professional, may be the best course of action.  I know lawyers sometimes have this done when taking will instructions when capacity might be an issue.

For decisions that are less significant, it may just involve the professional dealing with the adult making an assessment of the adult’s capacity that day.  First by explaining, very carefully, the contents and the implications of the document or consent.

Now moving to the access and privacy world, an adult can request access to the adult’s personal information by filling in an access request form to a government institution, local authority or trustee.  In this case, the public body will have to determine at the time of delivery of the access request whether the adult understands the nature of the access request being made and if so, they should proceed with processing the access request.

On the privacy side, adults can consent to the release of the adult’s personal information.  Again, where an adult’s capacity is in question, the head of the government institution, local authority or trustee will have to determine whether the adult, at that time, has the capacity to consent.

Q. What does the legislation say?

A. The Freedom of Information and Protection of Privacy Act (FOIP), section 59 and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP), section 49 provides:

Exercise of rights by other persons                

Any right or power conferred on an individual by this Act may be exercised:

(b) where a personal guardian or property guardian has been appointed for the individual, by the guardian if the exercise of the right or power relates to the powers and duties of the guardian;

(c) where a power of attorney has been granted, by the attorney if the exercise of the right or power relates to the powers and duties of the attorney conferred by the power of attorney;

(e) by any person with written authorization from the individual to act on the individual’s behalf.

The Health Information Protection Act (HIPA), has a similar provision, section 56 which provides as follows: 

Exercise of rights by other persons 

56 Any right or power conferred on an individual by this Act may be exercised:

(b) where a personal guardian has been appointed for the individual, by the guardian if the exercise of the right or power relates to the powers and duties of the guardian;

(e) where the individual does not have the capacity to give consent:

(i) by a person designated by the Minister of Community Resources and Employment if the individual is receiving services pursuant to The Residential Services Act or The Rehabilitation Act; or

(ii) by a person who, pursuant to The Health Care Directives and Substitute Health Care Decision Makers Act, is entitled to make a health care decision, as defined in that Act, on behalf of the individual; or

(f) by any person designated in writing by the individual pursuant to section 15.

Q. What if I have a power of attorney?

A. The legislation contemplates a property or personal attorney having the power to obtain information regarding the adult. It should be noted that the property attorney should only be able to get financial or property information and the personal attorney should only get personal information including personal health information.  The adult could set out limits in the power of attorney regarding accessing information. Those relying on a power of attorney must read that document to determine any limits.

Q. If an adult has appointed an attorney, can an adult request information? 

A. The answer is “yes” if the adult has that particular day the capacity to understand the nature of the request and the consequences of making the request. Appointing an attorney under a power of attorney does not take away an adult’s ability to make decisions or request information.  Whether the attorney agrees or disagrees with the decision or consent does not matter.  Thus, the adult, who has capacity on that day, can independently make an access request for information or consent to giving information to another person or organization.

Q. What if I am a proxy under a health care directive?

A. The Health Care Directives and Substitute Health Care Decision Makers Act, 2015 provides for adults making a health care directive where they appoint a proxy. The Act provides:

Personal health information to be disclosed

21 Notwithstanding any other Act or law, personal health information is to be disclosed by a treatment provider to a proxy, nearest relative or personal guardian if it is necessary to enable that person to make an informed health care decision.

So, unless limited by the wording in the health care directive, a proxy would have the right to request personal health information in order to make a health care decision.

One would also note that section 21 contemplates providing personal health information to a nearest relative or a personal guardian in order to make a health care decision.

Q. Does HIPA contemplate and allow disclosure to a proxy or nearest relative? 

A. The answer is yes.  Subsection 27(4)(l) provides as follows:

Disclosure

27(4) A trustee may disclose personal health information in the custody or control of the trustee without the consent of the subject individual in the following cases:

(l) where the disclosure is permitted pursuant to any Act or regulation;

Q. Are there any obligations on the trustee? 

A. Again the answer is yes. Section 21 of HIPA provides as follows:

Duty where disclosing to persons other than trustees

21 Where a trustee discloses personal health information to a person who is not a trustee, the trustee must:

(a) take reasonable steps to verify the identity of the person to whom the information is disclosed; and

(b) where the disclosure is made without the consent of the subject individual, take reasonable steps to ensure that the person to whom the information is disclosed is aware that the information must not be used or disclosed for any purpose other than the purpose for which it was disclosed unless otherwise authorized pursuant to this Act.

Q. Can an adult do anything else to authorize someone else to obtain information?

A. The answer is “yes”. FOIP subsection 59(e), LA FOIP subsection 49(e) and HIPA subsection 56(f) contemplates something in writing, signed by an adult who has capacity on a particular day and understands the nature of the document being signed. This could be less formal than a power of attorney, a health care directive or court order.  It could be on a form designed by the organization.  The head of the government institution, local authority or trustee would need to, as best as the head can, determine whether the adult had capacity at the time of signing.

I hope this blog has clarified an area that at times is complex.  It is always important to remember that an adult has capacity unless there is a court declaration or a Certificate of Incapacity.  Professionals will have to, on a regular basis, determine whether a particular adult has capacity to sign or consent.  Those decisions will be influenced by the seriousness of the consequences of making the decision.  If in doubt, professionals can ask for an assessment from another professional, but should always start from the point of view that an adult has capacity.  Being eccentric, difficult and non-cooperative does not necessarily indicate lack of capacity.

Other helpful resources on this topic can be found at the Public Guardian and Trustee website: https://www.saskatchewan.ca/government/government-structure/boards-commissions-and-agencies/office-of-the-public-guardian-and-trustee

 

 

Was this page helpful?

Technology and function creep

“I love technology,

But not as much as you, you see.

But I still love technology.

Always and forever.”

  • Kip from the movie Napoleon Dynamite

Technology takes on a central role in most, if not all, workplaces. It is difficult to imagine a workplace without computers. Further, cloud computing is enabling workplaces to organize themselves far more dynamically while completing tasks efficiently. With all of its benefits, we must be cognizant of technology’s impact upon employee privacy.

“Function creep” occurs when information is used for a purpose that is not the original specified purpose. For example, a workplace may install a security system that requires employees to sign-in or sign-out of the workplace. The purpose of the security system is to prevent unauthorized access to a particular workplace. However, organizations may end up using this information about individual employees to track employee attendance. This could be a privacy breach if the organization has not fulfilled the collections requirements in The Freedom of Information and Protection of Privacy Act (FOIP) and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP). For example, if the organization is collecting the information to track employee attendance without informing employees of the purpose for which the information is being collected pursuant to subsection 26(2) of FOIP or subsection 25(2) of LA FOIP, then this would be a privacy breach.

Function creep is often unintended. However, this is not an excuse for organizations to breach employee privacy. Below are some suggestions that organizations could undertake to avoid or stop function creep:

  • Have at least one employee designated as the privacy officer.
  • Have a process in place so that employees (or members of the public) can raise concerns and that those concerns are investigated.
  • Since function creep is often unintended, organizations who learn that technologies or processes that are committing function creep should be open to adjusting so that the function creep is discontinued.
  • Regularly undertake privacy impact assessments (PIA) so they can comprehensively analyze and evaluate how technology impacts privacy. A PIA is a process that should be undertaken not only by the privacy officer, but managers and employees implementing new technology, processes, projects, and/or programs. PIAs require teamwork!

For more information, check out my office’s resource called Technology’s Impact Upon Employee Privacy.

 

Was this page helpful?

So, Do We Collaborate?

I had someone, whom I respect, say to me that some public bodies feel we don’t collaborate. This caused me to think about this concern and I thought it important to clarify our role and in turn define expectations.

‘Collaborate’ in the Oxford Dictionary is defined as, “work jointly on an activity or project”.

As an oversight body that gets appeals and complaints, we walk a fine line at times when having to do reports that may be critical and also have to be involved in education programs. On the education side, we are most interested in collaborating with others to put on education events. I have made offers for joint projects and will continue to do so to have public bodies, trustees and residents of the province understand the legislation that has been passed by the Legislative Assembly. We have collaborated on workshops, training materials and the writing of certain guidelines. We also consult. For more on that process, see my office’s Consultation Request Form.

When we receive a request to review a public body’s/trustee’s decision to release or not release records, or a complaint of a breach of privacy, we are, at the beginning, most interested in seeing whether the matter can be informally resolved. We take on a mediation role. Mediation is defined in the Oxford Dictionary as, “intervention in a dispute in order to resolve it.” In this role, my office tries to get the public body or trustee and the applicant or complainant to move toward resolution. As a mediator, you are not collaborating, but you are facilitating the parties moving towards resolution. The resolution is a result between the parties. Where it works, that is the best solution. It does not always work, and if the parties just cannot agree, then at some point my office concludes early or informal resolution is not possible.

When early or informal resolution is not possible, my office shifts in its role to one of a neutral objective decision maker. We neither take sides with the applicant/complainant nor the public body/trustee. We are there to apply the legislation based on case law, other commissioner’s office decisions and what seems reasonable under all the circumstances. We turn to gathering information, investigating the situation and analyzing to determine what recommendations, if any, should be made.  At this point, we are not collaborating. We accept representations (submissions) from the parties and start reaching conclusions as we begin to complete a report. Before finalizing a public review or investigation report, we may seek information or clarification on any issue from the public body, trustee, applicant, complainant or a third party as necessary.

Once a report is finalized, my office issues it and provides a copy to the parties involved. From the date my office issues the final report, public bodies or trustees have 30 days to provide their written response to my office and to the applicant or complainant. If the applicant or complainant is not satisfied with the public body’s or trustee’s response, they then have 30 days after receiving it to appeal the decision to the Court of King’s Bench. An appeal, which my office cannot become involved in, is one more opportunity for an applicant or complainant to have their case heard by a higher neutral body. My office also posts reports to our office website approximately seven days after my office issues them, which makes them public.

So, I hope I have clarified that we are always interested in collaborating on joint ventures in education and informally resolving appeals or complaints through mediation. At some point, the collaboration and mediation stop, and a review or investigation and an analysis occur. The result is a report with my findings and recommendations, which a public body – or an applicant – may not like. It is a role our office plays, though, and one in which we do not collaborate.

 

 

Was this page helpful?

Amendments to FOIP and LA FOIP Proclaimed

The government of Saskatchewan has proclaimed Bill No. 30, An Act to amend The Freedom of Information and Protection of Privacy Act and Bill No. 31, An Act to amend The Local Authority Freedom of Information and Protection of Privacy Act effective January 1, 2018.  My office made proposals for the amendments of these Acts in June 2015.  I am most pleased these amendments were passed by the Legislative Assembly in May 2017 and now proclaimed.

The highlights of the amendments to both Acts are:

  • Obligations of government institutions and local authorities to provide breach notification to affected individuals if it is believed the incident creates a real risk of significant harm;
  • The Duty to Protect is now explicit for both government institutions and local authorities;
  • The Duty to Assist those requesting information is now provided for in the legislation;
  • Police services are now a local authority for purposes of the legislation;
  • There is now an obligation of government institutions and local authorities to enter into written agreements with information management service providers (IMSP);
  • MLAs and Ministers’ offices are obliged to protect personal information in accordance with the legislation;
  • The manner of access to records includes giving access in electronic form;
  • The offence provisions have been updated and expanded;
  • Government institutions and local authorities must take reasonable steps to post manuals, policies, guidelines and procedures to its websites; and
  • Categories of records are to be established that can be provided to the public without an application.

In addition, the Regulations to both Acts have been amended.  Some highlights of the Regulation amendments are:

  • Generally now fees do not have to be charged if under $100 or if the records involve the applicant’s personal information;
  • If records are provided to an applicant via a portable storage device (PSD), the cost of the electronic copies is the price of the PSD;
  • Consent requirements are expanded; and
  • Clarification is provided on what elements must be included in written agreements with IMSPs.

The amendments to the Acts and the Regulations are the most significent amendments to this legislation since its introduction in 1992 and 1993.

My office will be working on updating its resources on its website to reflect the changes that are in the amendments.

For copies of amendments to FOIP and LA FOIP, go to www.oipc.sk.ca under the Legislation tab.  The amendments to the Regulations will soon be available on my office’s website and the Queen’s printer website.

Was this page helpful?

Privacy versus Confidentiality

Privacy and confidentiality are two concepts often mistaken to be the same thing.

In terms of information, privacy is the right of an individual to have some control over how his or her personal information (or personal health information) is collected, used, and/or disclosed. In Saskatchewan, individuals’ privacy is maintained through FOIP, LA FOIP and HIPA. These three laws establish individuals’ right to privacy by setting out how government institutions, local authorities, and trustees are to collect, use, and/or disclose personal information or personal health information.

Confidentiality, on the other hand, is a far slimmer concept than privacy. Confidentiality is the duty to ensure information is kept secret only to the extent possible.

It is important to distinguish between these two concepts. This is because organizations often require employees to sign confidentiality agreements (i.e., keep information secret) but then offer very little or no privacy training.  There are certainly circumstances in which employees of government institutions, local authorities, and trustee organizations need to legitimately share information in order for their programs to function. However, sharing information may seem contrary to what confidentiality agreements require of them.

Privacy Officers play a vital role in ensuring that government institutions, local authorities, and trustee organizations are in compliance with FOIP, LA FOIP, and/or HIPA.  Privacy Officers should be experts in these three laws who can advise their organizations when it is okay to collect, use, and/or disclose personal information (or personal health information).

For fun, below are two haikus to help explain privacy and confidentiality

Privacy

Collecting, using,

disclosing and safeguarding,

personal info.

 

Confidentiality

Keep info secret.

Do not tell anybody.

Or else you lose trust.

Was this page helpful?

Closing a Practice

Back in 2011, this office issued an Advisory to address concerns we had at the time regarding abandoned patient records. That resource was titled, Advisory for Saskatchewan Trustees for Record Disposition. This office now again is looking to provide some advice to trustees that are winding up his or her practice as additional cases of abandoned patient records come to our attention.

In one recent case, a physician left the country leaving behind both paper and digital patient records in two different locations. Section 22 of The Health Information Protection Act (HIPA) requires trustees that are closing up his or her practice to transfer custody/control of patient records to another trustee or an Information Management Service Provider (IMSP) that is a designated archive.  This physician did not do this. Instead an IMSP was left with physical possession of patient records.  The full Investigation Report 214-2017 is available on our website here.

So what needs to be done in order to wrap up a practice without leaving loose ends? The Saskatchewan College of Physicians and Surgeons has a helpful resource, Leaving Practice – A guide for physicians and surgeons. In addition to HIPA obligations, this resource addresses other issues such as continuity of care and discharging patients. The Ontario Information and Privacy Commissioner published Succession Planning to Prevent Abandoned Records which considers obligations under its Personal Health Information Protection Act, 2004. HIPA is of course similar but not identical and applies to a wide assortment of trustees (i.e. affiliates, Saskatchewan Health Authority) with custody or control of personal health information, not just physicians.

In terms of HIPA compliance, some of the most important steps to take before closing a practice are as follows:

  1. If you have not done so already, create an inventory of all records (paper and digital) in your custody or control;
  2. If you do not have one, create a record retention/disposition schedule for all records;
  3. Custody or control of patient records must be clearly established before taking action;
  4. Before transferring patient records, enter into a written agreement with the successor trustee or IMSP (that is a designated archive, see HIPA Regs s. 4);
  5. Ensure that any multi-function devices that may contain personal health information are sufficiently wiped/erased or hard-drives are destroyed;
  6. Provide advance, adequate notice (letters to patients, notice on doors, voicemail message and details in the newspaper and/or online) to patients and others;
  7. Securely transfer patient records; and
  8. Leave no records behind including securely destroying any records that are up for disposition.

If a member of a regulated profession, the trustee can also seek advice from its health professional body which also happens to be prescribed as designated archives in the HIPA Regs. Do you have more questions? If so, let us know.

Was this page helpful?

What Makes a Good Submission?

The staff at the OIPC recently watched a webinar called The Art of Persuasive Speaking put on by The Canadian Bar Association. Some of the points made in the webinar are relevant to public bodies providing submissions to our office. I thought I would share some further tips pulled from that webinar.

When you want to be persuasive in your arguments to our office:

1. Have a plan and prepare:

Your goal is to convince our office that the public body is in compliance with the legislation.

  • Assemble all the evidence (information) relevant for our office;
  • Lay out the facts, tests, law and argument;
  • Focus on the key disputed facts and issues; and
  • Understand the role of the public body as it pertains to burden of proof (section 61 of FOIP/section 51 of LA FOIP).

2. Know your audience:

Understanding the role of our office is important in tailoring your arguments. Our office is a neutral oversight body. Our office is being asked to make a decision and recommendations.  We have found that when dealing with other organizations, a cooperative approach really works. We are not on the side of the applicant, third party or the public body. We are the first level of appeal before the Court of King’s Bench (2nd level of appeal).

  • Remember, our office will also be receiving arguments from the opposing parties in the case; and
  • How persuasive a party’s arguments are will influence the outcome of the case and you want yours to be most persuasive.

3. Use persuasive techniques:

Your goal is to make our office want to decide in your favour. Show us how to get there.

  • Put yourself in the shoes of our office, and ask: “If I had to make this decision, what would I need to make it?” This will help you focus on the key issues and anticipate questions our office would likely ask;
  • Use solid arguments and deliver only true and accurate statements;
  • Put your best (strongest) arguments first;
  • Avoid filling your submission with endless details without context;
  • Broad general statements are not persuasive; and
  • Present arguments from reputable sources.

These are all effective means of putting your arguments forward, which is in turn more persuasive. For more assistance on preparing your submission, Index of Records and/or the record itself, you can refer to our resource, What to Expect During a Review with the IPC:  A Resource for Public Bodies and Trustees

Was this page helpful?

Saskatchewan Information and Privacy Commissioner’s Proposal on Data Matching

First reading has been given to The Data Matching Agreements Act.  Kruzeniski stated:

In the spring of this year, I released proposals for Data Matching legislation.  I am pleased that the Legislative Assembly is now considering such legislation.

And he further stated:

The proposed legislation clarifies the steps that a Ministry must take in order to perform data matching.  It is my intent to require organizations to follow the Act.

And he finally stated:

It will be absolutely necessary that government organizations do a privacy impact assessment before they embark upon a data matching project.  Such an assessment is needed so that privacy protection of personal information is maintained.

 

Was this page helpful?

IPCs across Canada call on governments to safeguard independent review of solicitor-client privilege

In a joint resolution, Canada’s Information and Privacy Commissioners (IPCs) have called on governments to ensure that access to information and privacy legislation in every jurisdiction empowers IPCs to compel the production of records over which solicitor-client privilege has been claimed by public bodies to verify whether these claims are properly asserted when responding to requests for access to information.

In Alberta (Information and Privacy Commissioner) v. University of Calgary, 2016 SCC 53, the Supreme Court determined that legislative language did not expressly permit the Alberta Commissioner to compel the production of records over which solicitor-client privilege had been claimed. Canada’s IPCs are concerned with this decision as they require the power to compel these records in order to properly fulfil their mandate of providing first-level, independent review of public bodies’ responses to requests for access to information.

Canada’s IPCs are calling on their respective governments to amend access to information and privacy legislation to ensure they are empowered to compel the production of records in order to independently review records over which public bodies claim solicitor-client privilege.

The joint resolution is available on the IPCs’ respective websites.

Was this page helpful?

LA FOIP, Municipalities and Cities

Access to information under LA FOIP

One of the purposes of The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) is to ensure that local authorities are transparent and accountable to the public. One way of facilitating transparency and accountability is to provide individuals with the right to access records in the possession or under the control of a local authority. Section 5 of LA FOIP provides individuals with the right to access to records in the possession or under the control of a local authority:

5 Subject to this Act and the regulations, every person has a right to and, on an application made in accordance with this Part, shall be permitted access to records that are in the possession or under the control of a local authority.

Individuals may use this form to submit an access to information request to a local authority: http://www.qp.gov.sk.ca/documents/Forms/L27-1R1-B.pdf.

When a local authority receives a written request, it should process the request formally under LA FOIP. This includes assisting the Applicant to identify the record he/she is seeking, issuing a fee estimate if it is appropriate to do so, conducting a reasonable search for records, consulting with third parties, and issuing a formal response in accordance with section 7 of LA FOIP. For more information, please consult my office’s Best Practices for Responding to Access Requests.

Are there records that citizens may access without submitting a formal request under LA FOIP?

A person is entitled under section 117 of The Municipalities Act (MA) to inspect and obtain copies of certain types of records, including contracts approved by council, financial statements prepared in accordance with section 185 of MA, and council’s approved meeting minutes. What this means is that individuals should not have to submit a formal request under LA FOIP to obtain the records they are entitled to under the MA.

Similarly, a person is entitled under section 91 of The Cities Act (CA) and section 133 of The Northern Municipalities Act, 2010 (NMA) to inspect and obtain copies of similar types of records described above. What this means is that individuals should not have to submit a formal request under LA FOIP to obtain the records they are entitled to under the CA.

Do councillors have a right to records?

As a part of their duties, councillors are to represent the interests of the citizens living within their constituency at council meetings and council committee meetings. Councillors must also be informed in order to effectively participate in such meetings. In order to stay informed, councillors should have access to records related to the municipality/city business without requiring them to make a formal access to information request under LA FOIP to gain access.

Municipalities and cities should have policies and procedures in place that enables councillors to have access to records related to municipality/city business. Councillors should also agree to keep matters confidential until the matter is discussed publicly at a council meeting or council committee meeting.

Section 92 of the MA outlines the duties of councillors as follows:

92 Councillors have the following duties:

(a) to represent the public and to consider the well-being and interests of the municipality;

(b) to  participate  in  developing  and  evaluating  the  policies,  services  and  programs of the municipality;

(c) to  participate  in  council  meetings  and  council  committee  meetings  and  meetings of other bodies to which they are appointed by the council;

(d) to  ensure  that  administrative  practices  and  procedures  are  in  place  to  implement the decisions of council;

(e) subject to the bylaws made pursuant to section 81.1, to keep in confidence matters discussed in private or to be discussed in private at a council or council committee meeting until discussed at a meeting held in public;

(f) to maintain the financial integrity of the municipality;

(g) to perform any other duty or function imposed on councillors by this or any other Act or by the council.

Section 65 of the CA and section 106 of the NMA is very similar to the above.

When should council meetings or council committee meetings be held in-camera?

The MA, CA, and NMA requires councils and council committees to meet in public. Parts or all of a meeting can be closed to the public if the matter being discussed is within one of the exemptions in Part III of LA FOIP. Part III of LA FOIP provides for limited and specific circumstances in which information should not be disclosed.  Generally speaking, councils and council committees should make efforts to conduct most of their meetings in public unless one of the limited and specific circumstances in Part III of LA FOIP exists.

An example of when councils or council committees should hold part of a meeting closed to the public is if a matter to be discussed includes personal information of a citizen. This is because Part III of LA FOIP includes the following exemption:

15 (1) A head may refuse to give access to a record that:

(b) discloses agendas or the substance of deliberations of meetings of a local authority if:

(ii) the  matters  discussed  at  the  meetings  are  of  such  a  nature  that  access to the records could be refused pursuant to this Part or Part IV.

Part IV of LA FOIP provides that local authorities must not disclose personal information unless it has consent of an individual or the disclosure is in accordance with section 28 or 29 of LA FOIP:

28 (1) No  local  authority  shall  disclose  personal  information  in  its  possession  or  under  its  control  without  the  consent,  given  in  the  prescribed  manner,  of  the  individual to whom the information relates except in accordance with this section or section 29.

To understand when a meeting should be closed to the public, municipalities and cities should have a sound understanding of LA FOIP. For support, municipalities should contact the Ministry of Government Relations. They should also contact the Ministry of Justice (Access and Privacy Branch) at 306-798-0222 or accessprivacyjustice@gov.sk.ca, who makes training available to cities and municipalities.

Open Government, proactive disclosure, and routine disclosure

Municipalities and cities across Canada are leading the way in open government initiatives, including the City of Regina and the City of Saskatoon. These initiatives allow for citizens to gain access to information without submitting a formal access to information request. Check out the City of Regina’s website at http://open.regina.ca/pages/access and the City of Saskatoon’s website at http://opendata-saskatoon.cloudapp.net/.

I also note that many other cities and municipalities in Saskatchewan are proactively preparing and publishing information on their websites such as council agendas and meeting minutes. Such proactive disclosure of information facilitates transparency and accountability and enhances active participation of citizens in civic life.

Check out my office’s blog entry on what a municipality or city should consider when publishing agendas and meeting minutes on its website: https://oipc.sk.ca/council-agendas-and-meeting-minutes/.

Other helpful resources

A resource about LA FOIP for councillors: https://oipc.sk.ca/assets/what-councillors-should-know-about-lafoip.pdf

Mayors, reeves, and councilors may have a steep learning curve when they are elected, including how to handle personal information and personal health information. Here’s a resource on best practices on how to handle records that contain personal information and personal health information: https://oipc.sk.ca/assets/best-practices-for-mayors-reeves-councillors-and-school-boards.pdf

LA FOIP 101: The Basics for Cities, Towns, Municipalities Webinar: https://oipc.sk.ca/resources/webinars/la-foip-101-the-basics-for-cities-towns-municipalities-etc/

Resources by the Ministry of Justice, Access and Privacy Branch: http://www.publications.gov.sk.ca/deplist.cfm?d=9&c=3570

Was this page helpful?

Google Translate Disclaimer

Translations on the IPC Website are performed by Google Translate. Please note that not all text may be translated accurately or be translated at all. The IPC is not responsible for incorrect or inaccurate translations. The IPC will not be held responsible for any damage or issues that may result from using Google Translate.

For more information, read our full disclaimer.