SASKATOON
Saskatoon

    • Saskatoon police officers snooped on investigation files they had no right to access: Privacy commissioner

    (Stacey Hein/CTV News) (Stacey Hein/CTV News)
    Share

    Three Saskatoon police officers were caught snooping on nine people’s private information from investigation records for personal reasons, according to the Saskatchewan privacy commissioner.

    In a report released this month, the province’s privacy watchdog says the breach came to light after a superintendent at the Saskatoon Police Service (SPS) requested an audit in October, 2023 to determine if anyone had inappropriately accessed a specific investigation file.

    “The audit revealed that one sworn member of the SPS (Sworn Member A) had accessed the personal information of five individuals inappropriately,” commissioner Ron Kruzeniski writes.

    “The audit also revealed that Sworn Member A had queried certain addresses as well as four individuals linked to those particular addresses.”

    This sworn member had also accessed the database using the credentials of another officer who was away from their desk at the time, even printing off some of the ill-gotten private information, Kruzeniski says.

    Following the revelations of the audit, the deputy chief of operations called in police service’s professional standards division to investigate. Through that, investigators discovered two other officers had inappropriately accessed the personal information of a “particular individual.”

    In February, the Saskatoon Police Service disclosed the breaches to the privacy commissioner. The commissioner says one of the people whose privacy was violated also asked his office to investigate.

    Kruzeniski says the officers snooped on files without a work-related reason, including the name of individuals where it appears in police records, information related to criminal history and police involvement, details of investigations involving the affected individuals, opinions about identifiable individuals, and their license plate numbers.

    Generally, license plate numbers aren’t considered personal information, but Kruzeniski said in this case the police service deemed it a violation because the officer — referred to in the report as Sworn Member B — queried a license plate to identify a vehicle owner without a business purpose for the search.

    “In SPS’ access and privacy unit’s investigation report, SPS noted that the accesses to personal information within the [record management system] was for reasons that were personal and unrelated to their work. The ‘need-to-know’ principle states that information should only be available to those in an organization who need to know it for purposes related to their immediate duties,” Kruzeniski writes.

    The police service told the commissioner that the officer referred to as Sworn Member A has had their access to the record management system revoked in the wake of the misconduct.

    That officer told investigators they had destroyed the records they printed off, but Kruzeniski says questions remain about where they took the records, who destroyed the records, and when and how they were destroyed.

    Kruzeniski recommended police investigate the matter further, to make sure they have sufficiently contained the privacy breach, and get written confirmation from Sworn Member A that they didn’t disclose the improperly accessed information to anyone else.

    The SPS told the commission that its investigation found no further suspicious searches from the other two sworn officers, so their access to the records system wasn’t revoked.

    Kruzeniski has asked police to also provide written confirmation from those two officers that they didn’t disclose the breached information to anyone.

    Of the nine people whose privacy was violated by the three officers, six were informed through letters and one through an email.

    Police told the commission that they did not have contact information for the other two and were unable to notify them of the breach.

    Kruzeniski found they made a reasonable effort to notify those affected.

    The SPS told Kruzeniski that its officers take regular training on their duties to protect the private information in police care, so the three violators would have known they were breaking the rules.

    “[The sworn members] knew, or ought to have known, that access to the personal information identified was not for a business purpose, and was therefore inappropriate and a contravention of SPS police,” the service wrote in its investigation report.

    “The SPS does not believe that the breach occurred due to a lack of reasonable security measures on the part of the SPS, but by the wilful decisions of the subject employees.”

    CTVNews.ca Top Stories

    Shopping Trends

    The Shopping Trends team is independent of the journalists at CTV News. We may earn a commission when you use our links to shop. Read about us.

    Regina

    Winnipeg

    Edmonton

    Calgary

    Lethbridge

    Toronto

    Ottawa

    Montreal

    Vancouver

    Kelowna

    Vancouver Island

    London

    Kitchener

    Northern Ontario

    Atlantic

    N.L.

    Stay Connected
    Follow CTV News