Updated: Chapter 5 of the Guide to FOIP is now available! Click on Guides, IPC Guide to FOIP for more information.

Discussion with Daniel Therrien on his leaving office

Discussion with Daniel Therrien on his leaving office

Daniel Therrien was appointed the federal Privacy Commissioner in 2014. His appointment ended on June 3, 2022. Before his leaving office, I had a chance to discuss his eight years as Privacy Commissioner. We talked about the challenges, the accomplishments, and his outlook for the future.

Please click the link here to hear our conversation.

 

Open Banking

My discussion with Professor Teresa Scassa regarding open banking has just been posted. Professor Scassa is an expert in the area of information law which includes the issue of open banking.

We discussed the direction the country is going and the implications for our province. Please have a  listen here.

Privacy regulators call for legal framework limiting police use of facial recognition technology

Yesterday, the heads of Canada’s privacy protection authorities issued a joint statement recommending legislators develop a legal framework that establishes clearly and explicitly the circumstances in which police use of facial recognition may be acceptable.

In the joint statement, privacy regulators say a new legal framework for regulating police use of facial recognition technology should include:

  • A clear and explicit definition of the limited purposes for which police use of facial recognition would be authorized, and a list of prohibited uses. “No-go zones” should include a prohibition on any use of facial recognition that can result in mass surveillance.
  • Strict necessity and proportionality requirements. Legislation should require police use of facial recognition to be both necessary and proportionate for any given deployment of the technology.
  • Independent oversight. Police use of facial recognition technology should be subject to strong independent oversight. Oversight should include proactive engagement measures. Police should be required to obtain pre-authorization from an oversight body at the program level, or provide it with advance notice of a proposed use, before launching a facial recognition initiative.
  • Privacy rights and protections. Appropriate privacy protections should be put in place to mitigate risks to individuals, including measures to ensure the accuracy of information and placing limits on how long images can be retained in police databanks.

Released along with the joint statement is a guidance document to clarify police agencies’ privacy obligations relating to the use of facial recognition under the current legal framework.

Copies of both documents along with comments by the Ontario Privacy Commissioner are available at the following:

Discussion with Dr. Khaled El Emam on synthetic data

Dr. El Emam and others have just completed a report on “Pan-Canadian Descriptive Study of Privacy Risks from Synthetic Data Generation Practices within the Evolving Canadian Legislative Landscape.” The report was completed in March of 2022 and submitted to the Federal Privacy Commissioner. Dr. El Emam is an expert in the area of synthetic data. He talks about the conclusions in the report and suggests that the time for studying synthetic data is over and it is now time for innovation in Canada.

The report will be available on the Federal Privacy Commissioner’s website soon. Keep checking.

To hear more about this discussion, please check out our most recent episode of Un-redacted, The Sask IPC Podcast here.

But I’m the Applicant – how can my submission help?

So, you have requested a review of an access to information request under The Freedom of Information of Information and Protection of Privacy Act (FOIP), The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP), or The Health Information Protection Act (HIPA). The IPC has opened the file and sent you an email notifying you of the review. However, in the notification email YOU have been invited to make a submission on the matters at hand. You might be thinking to yourself why would I prepare a submission?  I want to assure you that there is no onus on the applicant to make a submission – however, it can be helpful.

First of all, what is a submission?  In a nutshell, for an applicant, a submission gives you the ability to counter the position taken by the local authority, government institution or trustee if you disagree with the decision they made regarding your access to information request. The IPC has developed the resource A Guide to Submissions – Increasing your chances of success (Guide to Submissions – created September 2020). This resource includes tips for applicants on how to create a submission. In this resource, the IPC has outlined what you may wish to prepare your submission on – depending upon the scope of the review. This includes:

  • An applicant disagrees with the exemption(s) claimed to the record.
  • An applicant is not satisfied that a reasonable fee was estimated.
  • An applicant believes that all or part of the fee should be waived.
  • A head (of the local authority or government institution) or trustee failed to respond to the access to information request within the required time.
  • An applicant requests a correction of personal information or personal health information and the correction is not made.
  • An applicant does not believe that a sufficient search was conducted.

When preparing a submission, if you have any evidence to support your arguments, that can be a great help for the IPC through a course of a review. For example, if the scope of the review includes your belief that an adequate search for records was not conducted and you have evidence of that, provide the evidence as an attachment with your submission. A situation where you may have evidence that an adequate search was not conducted is where you have been provided a copy of an email as part of the response, but the attachment to the email has not been included with the response. For more information about evidence, please see the IPC blog What is evidence in a review?

Pages 25 to 27 of the Guide to Submissions includes a template for an applicant they may wish to use for preparing a submission. However, as an analyst I have received very helpful submissions also in the form of an email – it really doesn’t have to be fancy.

If you would like some additional guidance on what the IPC is looking for in your particular review, contact the analyst who has been assigned the file – you will find that information in the notification email advising you of the review or investigation. If you are not sure who the analyst is, please contact our general inquiry line at 306-787-8350.

 

Ontario introduces legislation regarding employee electronic monitoring

The Ontario government has introduced Bill 88, the Working for Workers Act, which among other things proposes section 41.1.1, which requires an employer with more than 25 employees to provide employees with a policy indicating what employees’ digital activity is being monitored. Electronic monitoring is not defined. Employees will have to determine the scope and extent of the policy and the monitoring. The Ontario’s news release stated:

plans to introduce new legislation … that would require employers to tell their workers if and how they are being monitored electronicallyIf passed, Ontario would become the first province to require electronic monitoring policies and protect workers’ privacy by requiring employers be transparent on how employees’ use of computers, cell phones, GPS systems and other electronic devices are being tracked.

The Ontario government has also indicated they are considering private sector privacy legislation, but that legislation has not been introduced yet.

 

In Conversation with Diane McLeod-McKay, Information and Privacy Commissioner of Yukon

The Yukon Information and Privacy Commissioner introduced a new Access to Information and Protection of Privacy Act (ATIPP), which came into force on April 1, 2021. As the Act’s first anniversary looms, I thought it would be helpful to discuss how implementation of the new Act has gone. Diane and I talked about the history, the important changes, the implementation over the last year and the future.

Please listen to this podcast, one in a series of discussing legislative change in our country.

 

RIM Best Practices

Records and Information Management (RIM) practices are important for any organization. My office has developed a guide dealing with RIM. The guide contains many best practices that an organization can adopt.

The goal here is that an organization implement best practices which over time become every day practices. Check out the guide here. This guide is based on the Ontario resource Improving Access and Privacy with Records and Information Management.

Interview with Jill Clayton, Information and Privacy Commissioner of Alberta

I had the pleasure of talking to Jill Clayton who is retiring as the Information and Privacy Commissioner in Alberta. She was appointed in 2012 and re-appointed to a second five-year term in 2017.

Her term expires January 31 of this year, but she stays on until her successor is named. We talked about the accomplishments achieved in her term and her thoughts about the future in Episode 7 of Un-redacted, The Sask IPC Podcast which can be found here.

Please feel free to also check out Jill’s last Annual Report for more information.

Latest Case from the Court of Appeal

The Saskatchewan Court of Appeal has issued its decision in (West v Saskatchewan (Ministry of Health) 2022 SKCA 18. This was an appeal from a Court of Queen Bench decision  involving Mr. West and an access request to the Ministry of Health. The Court of Appeal considered sections 13(1)(b), 17(1)(a), 17(1)(b) and 22(a).

The Court held the Chambers judge erred in interpreting section 13(1)(b). The Court considered the implications of the requirement of confidentiality and the meaning of the word “obtains”. The Court was not persuaded that the Chambers judge committed an error in assessing the information considered under section 17(1)(a) and (b). Finally, the Court found no reason to disturb the Chambers judge’s conclusion regarding section 22 (solicitor-client privilege). I also note the Court of Appeal reviewed the general purpose and principles involved in The Freedom of Information and Protection of Privacy Act.