In an era dominated by artificial intelligence, a prominent voice is calling for Saskatchewan to move beyond simple cybersecurity measures and enact effective privacy legislation to protect citizen data.
Throne Speech Falls Short on AI Governance
The recent throne speech in October 2025 mentioned technology and artificial intelligence only once each. Both references were tied to a national cybersecurity agreement signed by the province, which promises to keep Saskatchewan residents and their data safe.
According to commentator Scott Sibbald, this approach fails to meet the moment. While cybersecurity is crucial for defending against external threats, it does little to regulate how personal information is collected, used, and shared within AI systems and other data-driven technologies.
Real-World Examples Reveal Privacy Gaps
Sibbald points to concerning practices already occurring within Saskatchewan organizations. In one case, a human resources department uses an AI program to scan and summarize job applications. However, the organization provides no clear notice to applicants about this practice and offers no option to opt out.
While the internal data security might be strong, the lack of transparency erodes public trust. A more alarming example involves an employee at another organization who, aiming to streamline work, used a personal AI subscription to scan and summarize job candidate packages.
This act likely constitutes an unauthorized disclosure of personal information to a third-party AI service provider. Beyond being a breach of trust, it is a potential privacy breach that could legally require notification to the affected individuals.
The Case for Proactive Privacy Legislation
These incidents underscore a critical need. Saskatchewan requires stronger laws and better training to ensure AI is used responsibly within a clear, rules-based framework. Rogue employees, even those with good intentions, remain a leading cause of data breaches, a risk that cybersecurity tools alone cannot mitigate.
Effective privacy laws establish clear rules for organizations: they must minimize data collection, inform individuals about how their information will be used, set security standards, and require data destruction when it is no longer needed.
Saskatchewan is lagging behind other provinces on this front. Over the past five years, Quebec, Ontario, British Columbia, and Alberta have all strengthened their public or health sector privacy laws to provide better protection for their citizens. The argument is clear: as AI integration accelerates, robust privacy legislation is not a luxury but a necessity for Saskatchewan.