Guide to FOIP-Chapter 4

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 4, Exemptions from the Right of Access. Updated 8 April 2024. 251 For subsection 20(a) of FOIP, the provision primarily protects testing or auditing procedures and techniques; the testing/auditing mechanism, not the content.852 The exemption does not cover the results of tests or audits.853 IPC Findings In Review Report F-2010-001, the Commissioner considered subsection 20(a) of FOIP. An applicant made an access to information request to the Ministry of Health for information related to the inclusion and interpretation of section 57 of The Health Information Protection Act (HIPA), policy rationale related to proposed HIPA Regulations covering 12 years. The applicant also requested information pertaining to submissions received during the public consultation for the HIPA Regulations. The Ministry withheld portions of the records pursuant to several provisions of FOIP including subsection 20(a). Upon review, the Commissioner found that a privacy impact assessment (PIA) qualified as an audit for purposes of subsection 20(a) of FOIP. However, the provision was found not to apply, as a PIA was a fact-finding exercise where the questions remained constant. The responses change with the circumstances. The exemption was intended to primarily protect procedures and techniques: the testing mechanism and not the content. As such, the Commissioner found that subsection 20(a) of FOIP did not apply. The Commissioner recommended release of the PIA. In Review Report 145-2015, the Commissioner considered subsection 20(a) of FOIP. An applicant made an access to information request to Saskatchewan Power Corporation (SaskPower) for a copy of the investigation report prepared by SaskPower that led to the applicant’s termination along with copies of email conversations and calibration session comments. SaskPower responded to the applicant advising that the investigation report was being withheld pursuant to several provisions of FOIP including subsection 20(a). Upon review, the Commissioner found that the investigation performed by SaskPower would qualify as an audit for the purposes of section 20 of FOIP. However, the techniques or procedures must include specific steps. General information, such as forms and standard policies that did not include specific steps and procedures, would not qualify. Routine, common or customary auditing techniques and procedures would not qualify. The Commissioner found that three portions of the investigation report, which included a section titled, Forensic Analysis Procedures, would constitute auditing techniques or procedures. Further, the Commissioner was persuaded that the release of the auditing techniques and procedures could reasonably be expected to prejudice the use or results of particular tests or 852 SK OIPC Review Report F-2010-001 at [102]. 853 Canada (Information Commissioner) v. Ponts Jacques Cartier & Champlain Inc. (2000), 8 C.P.R. (4th) 536 (Fed. T.D.) at 543-545.

RkJQdWJsaXNoZXIy MTgwMjYzOA==