Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 365 Snooping Snooping, or the unauthorized access of personal information, occurs when employees access personal information or personal health information without a need-to-know. That is, they access personal information or personal health information for reasons beyond completing their job duties. Snooping is a harmful and intrusive activity that undermines the trust citizens have in a government institution’s ability to maintain the confidentiality of their information. Many investigations undertaken into snooping cases by the Commissioner have resulted in recommendations that the government institution forward its file to the Public Prosecutions Division at the Ministry of Justice and Attorney General to determine if an offence under The Health Information Protection Act (HIPA) has occurred and whether charges should be laid against the snooper. In Investigation Report 228-2015, an employee had snooped on the personal information of 4,382 current and former SaskPower employees and copied files from that data. The Commissioner recommended that SaskPower forward its investigation file to the Public Prosecutions Division at the Ministry of Justice and Attorney General. Further, the Commissioner recommended that SaskPower report the matter to the employee’s professional association. The Commissioner has also investigated snooping cases where there have been unauthorized accesses into Saskatchewan Government Insurance’s Auto Fund Database, including a matter where an employee of an issuer had been making unauthorized accesses since 1995. The Commissioner raised awareness around this issue in his blog, Insurance Brokers Snooping. In other jurisdictions, fines have been issued for snooping. For example, in Alberta: • A pharmacist was fined $15,000 for inappropriately accessing information of individuals on Alberta’s Netcare system. • A former Alberta Health Services employee was fined $5,000 plus another $1,000 victim surcharge, for the inappropriate accessing of information of 189 individuals 985 times over a two-year period. • A former Covenant Health employee was fined $3,000 for the inappropriate accessing of information on 16 individuals on 465 occasions.
RkJQdWJsaXNoZXIy MTgwMjYzOA==