The Information and Privacy Commissioner of Saskatchewan has released his annual report for 2010-2011. Like some of his colleagues, he's calling for greater sanctions for privacy breaches:
Commissioner says Saskatchewan 'bedevilled' by privacy breaches - Winnipeg Free Press
"What we often find is that it's not somebody hacking into a database," said Dickson.
"It's typically a lack of care. It's carelessness on the part of organizations that are entrusted with personal information, and then curiosity of staff who can't seem to overcome the temptation to go and snoop in somebody else's health records or somebody else's personal information, which means a huge training effort has to happen in our province.
"We're certainly making some headway, but we simply have too many organizations in Saskatchewan in 2011 that aren't doing an appropriate job protecting personal information."....
The maximum fine under Saskatchewan's 19-year-old Freedom of Information and Protection of Privacy Act is $1,000. By comparison, breaking the province's Health Information Protection Act can mean a fine of up to $50,000 for an individual and $500,000 fine for an organization.
But, Dickson noted, no one has ever been prosecuted under either of those acts. It's a long-standing concern for the commissioner.
"We're not going to have the level of compliance ... that I think Saskatchewan residents are entitled to until there are particularly serious consequences," he said. "(We need) ... people being charged under an offence provision and a court process and then at the end of that, if somebody's found guilty, substantial fines."
Saskatchewan Justice Minister Don Morgan said Dickson is right. Penalties for privacy breaches are "quite light," but so far nothing has met prosecutorial standards, he said.