On January 28, 2025, the Court of Appeal for Saskatchewan held that Saskatchewan Government Insurance could rightly withhold a report that questioned an individual’s fitness to drive based on a Health Information Protection Act discretionary exemption that permits a trustee to refuse access if “disclosure of the information could interfere with a lawful investigation or be injurious to the enforcement of an Act or regulation.”
The Court firstly held that the lower court erred in reading the exemption to apply only if the disclosure could interfere with “an existing or identifiable prospective investigation.” In doing so, the Court made an important point about purposive analysis and access-granting statutes, finding that one ought not give weight to the purpose of an access-granting statute without also giving weight to the purpose of the applicable exception to the granted right of access. It said:
[45] …in a case pitting a right of access against an exception to it, a court must not let the broad purpose of legislation granting rights of access overtake the exercise of properly interpreting provisions that provide exemptions. As always, the modern approach demands that the court must begin the interpretative exercise with attention to the words of the statute, as used in the context of the statute. It also requires that the interpreter consider statutory purpose in a somewhat broader sense than did the judge in this case. This idea is explained in Sullivan, as follows:
§9.02[1] Introduction. In its broadest sense, legislative purpose refers not only to the material goals the legislature hoped to achieve but also to the reasons underlying each feature of the implementing scheme. It asks the question why: why this legislation? why this arrangement of powers? why this direction or rule? why this turn of phrase? In purposive analysis every feature of legislation from the overall conception to the smallest linguistic detail is presumed to be there for a reason. It is presumed to address a concern, anticipate a difficulty, or in some way promote the legislature’s goals.
[43] In short, in a case like this, the interpreter must have regard not only to the purpose of the legislation as a means to extend rights of access to information but also must be mindful of the objectives that stand behind the exceptions themselves. This is because exemptions, such as found in s. 38(1)(f), are the mechanism chosen by the Legislature to achieve the balance between, on the one hand, rights of access and, on the other hand, society’s interest in maintaining the confidentiality of some types of information. In this case, the judge’s singular focus on the purpose that lies behind the right of access found in s. 32 of HIPA was therefore too narrow.
The court also interpreted the word “could” in the applicable exemption to impose an “objective possibility” proof of harm standard, a lower standard than the standard that arises from the words “could reasonably expected to” (which the Supreme Court of Canada said in Merck requires proof of harm that is “more than a mere possibility”).
The question for privacy lawyers, then, is whether a “real risk” (as in “real risk of significant harm”) requires proof of an “objective possibility” of harm or proof of harm that is “more than a mere possibility.” The text might go either way in my view, and as in this case, one ought not let the purpose of breach notification eclipse the purpose the standard itself, which is to set a threshold and protect against notification fatigue and other harms associated with over notification.
Saskatchewan Government Insurance v Giesbrecht, 2025 SKCA 10 (CanLII).