Alberta, update to access and privacy legislation, passed in December and in force this spring

Federal Privacy Commissioner launches new online privacy breach risk self-assessment tool

Law Society – Bite Size video – cloud computing guide

Ontario IPC commissions report on workplace surveillance technologies

Australian IPC releases new Privacy Basics e-Learning module

Watch Law Society video-Cyber Breaches through Third Parties

Australia’s privacy commissioner publishes its Digital ID regulatory strategy

5 takeaways from the Lifelabs case

Put Privacy First – Privacy Commissioner of Canada speaks about privacy risk mitigation.

Learn more about The Power of PETs: Privacy Enhancing Technologies during a panel discussion hosted by The Information and Privacy Commissioner of Ontario.

Blog

Saskatchewan Business and Privacy (updated)

March 27, 2025 - Ron Kruzeniski, Information and Privacy Commissioner

The Office of the Privacy Commissioner of Canada (OPC) has issued a guidance document entitled Privacy Guide for Businesses. You may ask, “Does it apply to businesses or organizations in Saskatchewan?” The answer is yes, it does. The Personal Information Protection and Electronic Documents Act (PIPEDA) is a federal statute that applies to businesses in Saskatchewan. If you are in business in Saskatchewan, I recommend you read the Privacy Guide for Businesses.

First let me summarize the main issues from the guide:

  • PIPEDA sets out the ground rules for businesses in Saskatchewan.
  • The OPC oversees compliance with PIPEDA by conducting independent and impartial investigations and audits.
  • Businesses covered by PIPEDA must generally obtain an individual’s consent when they collect, use or disclose that individual’s personal information.
  • People have the right to access their personal information held by a business. They also have the right to challenge its accuracy.
  • Personal information can only be used for the purposes for which it was collected.
  • Generally, personal information must be protected by appropriate safeguards.
  • PIPEDA applies to private-sector businesses across Canada and Saskatchewan that collect, use or disclose personal information in the course of a commercial activity.
  • The law defines a commercial activity as any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.
  • All businesses that operate in Canada and handle personal information that crosses provincial or national borders in the course of commercial activities are subject to PIPEDA.
  • Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual.
  • PIPEDA includes mandatory breach reporting requirements. Businesses must report to the OPC any breaches of security safeguards that pose a real risk of significant harm.
  • Businesses must follow the 10 fair information principles to protect personal information, which are set out in Schedule 1 of PIPEDA. The principles are:
    • Accountability
    • Identifying purposes
    • Consent
    • Limiting collection
    • Limiting use, disclosure and retention
    • Accuracy
    • Safeguards
    • Openness
    • Individual access
    • Challenging compliance

For more information on PIPEDA and Businesses, see the Privacy Guide for Businesses.

When the federal government makes changes (amendments), those changes will affect Saskatchewan businesses, whether Saskatchewan businesses like those changes or not. Alberta, British Columbia and Quebec have passed legislation provincially, which applies to businesses in their province and replaces the operation of PIPEDA to a certain extent.

I pose the question whether Saskatchewan should, like Alberta and British Columbia, develop its own legislation to ensure privacy protections are extended to all employees in Saskatchewan regardless of the type of employer they work for.

Categories: BlogTags: ,

Back to Blog

Was this page helpful?

Google Translate Disclaimer

Translations on the IPC Website are performed by Google Translate. Please note that not all text may be translated accurately or be translated at all. The IPC is not responsible for incorrect or inaccurate translations. The IPC will not be held responsible for any damage or issues that may result from using Google Translate.

For more information, read our full disclaimer.