Commissioner Dufresne launches exploratory consultation on children’s privacy code

Survey conducted by OPC found that most parents worry about their children’s online privacy

Information and Privacy Commissioner of Ontario and The French Language Services Commissioner discuss your rights of access to information and services in French June 4, 2025

Ontario IPC releases a new independent research report on emerging technology- Emerging Uses of Neurotechnology.

Privacy Commissioner of Canada and UK Information Commissioner’s Office issue a joint letter regarding 23andMe’s bankruptcy proceedings

Instagram still posing serious risks to children, campaigners say

English Information Commissioner issues statement on police use of facial recognition technology (FRT)

BC OIPC provides instruction to delete a user account and DNA on 23andMe

Alberta, update to access and privacy legislation, passed in December and in force this spring

Federal Privacy Commissioner launches new online privacy breach risk self-assessment tool

How to Conduct an Effective Search for Records

How to Conduct an Effective Search for Records

So you have received an access to information request and you know it is not going to be easy to locate responsive records. What do you do? Here are some tips for you.

First: You develop a search strategy and document everything. A search strategy could include:

  • Searching for records in multiple formats (i.e. electronic, paper, and other);
  • Identifying which departments or divisions should be included in the search;
  • If the original access request was broad or covers a wide open time period, determine how you will define the search parameters;
  • Identify who should search for the records;
    • Will you delegate others to do the search? If so, consider developing detailed directions that you can provide to staff to ensure the search is done the way you require it.
  • Determine if external agents, consultants or other contracted services have any records. If yes, determine if these records should be included (i.e. possession/control)

Second: You have now received a notification letter from our office requesting details of your search efforts. A review involving search efforts focuses on whether the search conducted was reasonable or not. If you have documented your efforts in detail, you are already prepared for our request. Generally, the details to our office could include:

  • For personal information requests – explain how the individual is involved with the public body (i.e. client, employee, former employee etc.) and why certain departments/divisions/branches were included in the search;
  • For general requests – tie the subject matter of the request to the departments/divisions/branches included in the search. In other words, explain why certain areas were searched and not others;
  • Identify the employee(s) involved in the search and explain how the employee(s) is “experienced in the subject matter”;
  • Explain how the records management system is organized (both paper & electronic) in the departments/divisions/branches included in the search:
    • Describe how records are classified within the records management system. For example, are the records classified by:
      • alphabet
      • year
      • function
      • subject
    • Consider providing a copy of your organizations record schedule and screen shots of the electronic directory (folders & subfolders).
    • If the record has been destroyed, provide copies of record schedules and/or destruction certificates;
    • Explain how you have considered records stored off-site.
    • Explain how records that may be in the possession of a third party but in the public body’s control have been searched such as a contractor or information service provider.
    • Explain how a search of mobile electronic devices was conducted (i.e. laptops, smart phones, cell phones, tablets).
  • Which folders within the records management system were searched and explain how these folders link back to the subject matter requested?
    • For electronic folders – indicate what key terms were used to search if applicable;
  • On what dates did each employee search?
  • How long did the search take for each employee?
  • What were the results of each employee’s search?
    • Consider having the employee that is searching provide an affidavit to support the position that no record exists or to support the details provided. For more on this, see the OIPC resource, Using Affidavits in a Review with the IPC available on our website.

Each case will require different search strategies and details depending on the records requested. You do not have to address every bullet in your submission to our office. You want to tailor your response to fit the circumstances and records on a case-by-case basis. The more thorough and detailed the response is, the more likely our office will find the search was reasonable. For more information on how our office approaches search reviews, see our IPC Guide to FOIP, IPC Guide to LA FOIP and/or IPC Guide to HIPA.

Was this page helpful?

Saskatchewan Information and Privacy Commissioner tables 2014-2015 Annual Report

Saskatchewan Information and Privacy Commissioner, Ronald J. Kruzeniski Q.C., has submitted his office’s 2014-2015 Annual Report to the Legislative Assembly. Kruzeniski stated:

This is my first Annual Report filed as the Information and Privacy Commissioner and I hope it outlines a path I intend to take over the next four years.

And he further stated:

It is time to update The Freedom of Information and Protection of Privacy Act and The Local Authority Freedom of Information and Protection of Privacy Act. These statutes have not been updated in 22 years and need to reflect changes across the country and the impact of new technology. I am making several recommendations for change. You can see the requested changes in this Report.

Was this page helpful?

When Salary is Open to Public Scrutiny

The starting point of determining whether or not your salary is releasable starts with what access and privacy law applies to you in your circumstance. If you work for a government institution or local authority, then your salary is not considered your personal information.

Why does it matter if it is or is not considered personal information? Well, if it is not considered personal information, then the privacy protections afforded by privacy laws will not protect it from release to whoever is asking for it. If it did constitute your personal information, generally the only individual with a right to access that information would be you. That however is not the case with salary information of those working in the public sector. This is even though the following is generally considered to be your personal information: “information that describes an individual’s finances, assets, liabilities, net worth, bank balance, financial history or activities of credit worthiness.”

Some have asked our office why salary ranges cannot be released instead. In Saskatchewan, The Freedom of Information and Protection of Privacy Act (FOIP) and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) both state that “salary” is not considered personal information. In some jurisdictions, the legislation provides that “salary range” instead may be disclosed.

What about the public release of salaries over a certain dollar figure like $50,000 or $100,000? Neither FOIP nor LA FOIP discriminates when it comes to how much you make. Whether that amount is $20,000 or $200,000, it is releasable.

The IPC has a couple of past reports on our website that speak specifically to this issue. Investigation Report LA-2012-001 involves the City of Moose Jaw and its decision to publish in its public accounts information, salaries paid to employees and officers of the City but also that of police officers. The other report where salary was discussed was Investigation Report LA-2012- 002 involving the Regina Qu’Appelle Regional Health Authority. Discussed in this report is publishing salary information on the Internet. Although there was authority to release salary information publicly including on the Internet, technical safeguards should be utilized to prevent wide scale data mining. A specific recommendation in this case was to utilize web robot exclusion protocols to reduce the opportunity for web crawlers to crawl and compile information from web servers.

In conclusion, making available salary information of those working in the public sector is done to achieve the objective of making public expenditures more transparent for accountability purposes. If you have further questions on this topic, contact our office.

Was this page helpful?

5 Ways to Protect Your Privacy

Welcome to the Saskatchewan IPC’s blog! Here you’ll find tips, information, instruction, stories, and commentary on what’s going on in our office or in the access and privacy community at large. We also hope to invite guest bloggers to post their thoughts on here too.

So to kick off this blog, here are five ways to protect your privacy:

1. Limit what you post on social networking sites to minimize the likelihood of identity theft/fraud.

Any identifiable information about you could be used to commit identity theft or fraud. Posting your full name, full birth date or any other type of information may provide identity thieves with the information they need to commit identity theft or fraud.

2. Cross-shred or burn documents containing your personal information.

Similar to the above tip, you don’t want any of your personal information in the wrong hands because it can be used for identity theft or fraud.

3. Avoid using public Wi-Fi networks.

Information that you send or receive, such as your username and passwords for email and social networking accounts using public Wi-Fi networks could be intercepted by anyone else on the network.

4. Ask organizations the purpose behind their collection of your personal information.

Also ask how they protect your personal information. Provide only the personal information that is necessary. Once they have our personal information, you are trusting them to protect your information from identity thieves.

5. Use strong passwords.

There are many resources online on how to come up with a strong password, including this one here. Use different strong passwords for different accounts. This is so that if one account is compromised, not all of your accounts are compromised. If memorizing strong passwords become difficult, consider using a password manager that will help manage all your passwords.

Hopefully the above list will help you brainstorm other ways how you might be able to protect your privacy. Stay tuned for more blog entries!

Was this page helpful?

Acting Saskatchewan Information and Privacy Commissioner tables 2013-2014 Annual Report

Acting Saskatchewan Information and Privacy Commissioner, Diane Aldridge, has submitted her office’s 2013-2014 Annual Report to the Legislative Assembly.

Aldridge stated: “‘the more things change, the more they stay the same’. This is in no small part due to the fact that our office yet again received numerous complaints, as with previous years, regarding employee snooping, misdirected faxes and mail (email and snail), and lost or stolen mobile devices or records.”

Aldridge also noted: “I encourage public bodies and trustees to learn from the experience of others and make the necessary improvements to ensure better compliance with our access and privacy laws.”

The Annual Report also includes a summary of the 23 case reports (both access denial and privacy complaints) issued by the office in 2013-2014 and the response of the government institutions, local authorities and trustees named in each of those reports.

Was this page helpful?

Saskatchewan Information and Privacy Commissioner resigns effective January 31, 2014

Gary Dickson, Saskatchewan Information and Privacy Commissioner, has submitted his resignation to the Speaker of the Legislative Assembly effective January 31, 2014.

Dickson was initially appointed November 1, 2003 as Saskatchewan’s first full-time Information and Privacy Commissioner. He was reappointed for a further five year term in April 2009.

The resignation is solely for personal reasons. Dickson expressed his appreciation for the unique opportunity to be the first full-time Information and Privacy Commissioner in the province. He lauded the work done by the seven employees in the Office of the Information and Privacy Commissioner (OIPC): “I am extremely proud of the team of access and privacy professionals in this office and what they have accomplished in just ten years.”

Dickson also noted that: “We have seen considerable progress in the way that Saskatchewan public bodies and health trustees address both statutory goals of greater transparency and heightened privacy protection for citizens. This reflects good work by access and privacy coordinators in a very large number of public bodies and health trustees.”

Was this page helpful?

Google Translate Disclaimer

Translations on the IPC Website are performed by Google Translate. Please note that not all text may be translated accurately or be translated at all. The IPC is not responsible for incorrect or inaccurate translations. The IPC will not be held responsible for any damage or issues that may result from using Google Translate.

For more information, read our full disclaimer.