OIPC (Office of the Information and Privacy Commissioner for Nova Scotia)
- February 28, 2020 – July 11, 2024: History and before Request to Jason Mighton, OIPC to Expedite the Case
- July 11, 2024 – Request to Jason Mighton to Expedite Case
- July 16, 2025 – Additional Privacy Breaches Reported – OIPC Retaliated and Fabricated a Submission to Department of Justice (DOJ) / "Unreasonable Behaviour Policy Written Notice"
History and before Request to Jason Mighton, OIPC to Expedite the Case:
My history with the Office of the Information and Privacy Commissioner for Nova Scotia predates every provincial file number in this section. On February 28, 2020, while trying to establish which regulator held jurisdiction over Irving Shipbuilding's handling of my personal information, I contacted the provincial Privacy Commissioner directly. The answer, provided by Julie Young, was that the OIPC had no jurisdiction over PIPEDA or over Irving Shipbuilding's privacy practices, and that the Office of the Privacy Commissioner of Canada was the correct venue. On December 6, 2022, Julie Young re-attached that same February 28, 2020 email and confirmed the position in writing: "I can confirm with certainty that Irving Shipbuilding/JDIrving is not subject to or covered by any of Nova Scotia's provincial privacy laws over which this office (NSOIPC) has jurisdiction."
The provincial file itself arises from the events of August 2, 2022 and August 3, 2022. After I walked to Halifax Regional Police headquarters to file a complaint — a complaint HRP responded to by calling themselves a "conflict of interest" and then arresting me — my bookbag was transported to Mount Hope before I had seen a doctor. That bag contained my wallet: health card, driver's licence, banking cards, and cash. Mount Hope's own internal notes, dated August 3, 2022, record that "the clients belongings including wallet was brought to the unit with the previous client mistakenly.":
https://thewolfandtheneuralnetwork.com/Media/Resources/Add_2024_03/2022-08-03%20Combined%20information%20about%20Privacy%20Breach%20(Book%20bag%20wallet%20Health%20Card%20PHI).png (https://tinyurl.com/bdh67fuc)
A health card is Personal Health Information under NSHA's own policy, signed off by Privacy Director Karen Hornberger, which states that all breaches must be reported for investigation.
https://thewolfandtheneuralnetwork.com/Media/Resources/2023-05-25_Karen%20Hornberger%20Lying%20about%20PHI%20Infographic.png (https://tinyurl.com/3a6hvfcv)
Person A — the patient who arrived with my bag — told me the next morning that he and two HRP officers had gone through it, and asked if I wanted to "Rock, Paper, Scissors" for one of the twenties inside.
I raised the breach with NSHA. Karen Hornberger's response of May 25, 2023 characterized the matter as one of "patient belongings" that her office "does not typically deal with" — a framing that omits the health card, the financial information, and the identity documents, and does not match NSHA's own internal note. Instead of asking any further questions or clarifying, she closed the case and deferred me to the OIPC. Karen Hornberger was well aware that cases with the OIPC literally take 3+ years to even be looked at, while she knew serious abuse was being reported that needed to be addressed at the NSHA level.
https://thewolfandtheneuralnetwork.com/Media/Resources/Add_2024_03/2023-05-25%20Reply%20from%20Privacy%20Director%20Karen%20Hornberger.png (https://tinyurl.com/f3pr5n8s)
On the same date, May 25, 2023, the OIPC provided me the process to request a review of NSHA's response under the Personal Health Information Act. On May 30, 2023, the file was formalized: NSHA File 2023-074 became OIPC File 23-00201.
In parallel, I put a direct question to the OIPC arising from March 13, 2023, when NSHA staff prohibited me from recording my own interactions, citing their privacy, and then held me for twenty-four hours in a room with two CCTV cameras recording everything I did. I asked the Commissioner's office whether patients have the right to record their interactions with doctors. Intake Manager Mary Kennedy's answer, March 29, 2023, was that "PHIA contains no right for patients to record interactions with doctors" and that the office could not comment on the Criminal Code. On April 3, 2023, she closed the door entirely: the matter "will not be escalated to the Information and Privacy Commissioner," and "This concludes our communication with you on this matter." The OIPC knows there are no provisions in privacy law which restrict it. Section 184(2)(a) of the Criminal Code specifically allows for it.
https://laws-lois.justice.gc.ca/eng/acts/c-46/section-184.html
And the CMPA website states recording by patients is explicitly allowed:
https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2017/smartphone-recordings-by-patients-be-prepared
"Although patients can record their clinical encounters without a physician's consent, the same does not hold true for physicians. Clinicians who wish to record a clinical encounter should first obtain informed consent from the patient, and that consent discussion should be noted in the medical record. Some Colleges may require the use of a separate consent form for this purpose."
The way the OIPC answered and framed the question allowed it to sidestep what it knew: nothing in PHIA disallows patient recording either. It also made no finding on whether NSHA should reasonably have documented such a privacy request — and its denial of it — in the patient record. In my case, both the request and the denial went unrecorded. That is especially concerning because a sexual assault and privacy breaches by NSHA were being reported at the same time, and so were likewise not recorded. It could easily be argued staff exploited this gap to avoid recording the reported abuse — and the OIPC declined to address that incident using the same loophole.
On February 22, 2024, after CPSNS fabricated false records, retaliated, and committed another privacy breach with Cox and Palmer, I wrote a letter addressed directly to Tricia Ralph, then Privacy Commissioner. It included all the NSHA notes showing the events with my bookbag, the retaliation by NSHA, and the links to Karen Hornberger, Director of Privacy's, own documentation directly stating that a health card was PHI and must be reported in SIMS or to Privacy for investigation. And it showed how Karen Hornberger could have asked Mount Hope basic questions, as the details were on the very first page of intake and were made very clear by the staff at Mount Hope.
Letter to Tricia Ralph: https://thewolfandtheneuralnetwork.com/HTMLDocuments/April5th2024_OIPC_Tricia_Ralph.html (https://tinyurl.com/4u53axh8)
Image showing letter was mailed through Canada Post: https://thewolfandtheneuralnetwork.com/Media/Resources/Added_2024_04/2024-04-09%20%20Justin%20trudeau%20-Tim%20Houston%20-%20Karen%20Hornberger%20-%20NSHA%20Privacy%20-%20Patrick%20Curran%20-%20Tricia%20Ralph%20Canada%20Post.jpg (https://tinyurl.com/56avaemp)
File 23-00201 then sat in the OIPC's queue, with no response from the OIPC. The office's own 2023-2024 Annual Report documents a multi-year backlog. Through 2023 and 2024 I continued to supply the file with direct evidence — the Mount Hope note, the Hornberger response, the January 15, 2024 CPSNS findings that contradict NSHA's own records, the Section 46 disclosure of my personal and confidential information to Cox & Palmer, where Stephen McNeil holds a prominent role — by email, fax, Canada Post, and public posting, all mirrored at www.TheWolfAndTheNeuralNetwork.com.
July 11, 2024 – Request to Jason Mighton to Expedite Case
On July 11, 2024, following a phone call that morning, Julie Young provided the OIPC's criteria for expediting a file: the matter must be urgent and specific, and the circumstances exceptional — the privacy breach is not yet contained, the breach is systemic or ongoing, there is a health and safety concern, or there is overwhelming public interest. Young had also set out the factors the OIPC would weigh — any delay by the applicant, the applicant's ability to effect change, other administrative processes, the merit of the public interest argument, and likelihood of success. I submitted my written request on the deadline, July 25, 2024, arguing the case met every criterion.
https://thewolfandtheneuralnetwork.com/HTMLDocuments/July%2025th%202024%20-%20Request%20to%20have%20OIPC%20Case%2023-00201%20Expedited.html (https://tinyurl.com/mvmyyj8u)
On August 27, 2024, Senior Investigator Jason Mighton denied the request: "Because these criteria have not been met, I cannot expedite the file. Your file will therefore be placed in our queue and will be addressed in the chronological order it was received."
https://www.thewolfandtheneuralnetwork.com/Media/Resources/Added_2026_04/2024-08-27_OIPC_Expedite_Response_23-00201_NSH22023-074.pdf (https://tinyurl.com/5ycu3d9s)
The OIPC's response:
Aug 27, 2024, 3:50 PM – Request to Expedite OIPC 23-00201 / NSH 22023-074 From: Mighton, Jason Jason.Mighton@novascotia.ca
Note: the OIPC's subject line and attachment render the NSHA file number as 22023-074; NSHA's own file number is 2023-074 — the discrepancy originates in the OIPC's documents.
"Hello Mr. Jewers, I apologize for the delay in responding to your expedite request. Please find attached the response to your request to expedite your review file 23-00201. Privacy files can only be expedited where the breached information has not yet been contained, the breach is systemic, the breach is ongoing or likely to happen again, or there is a safety concern or public interest. Because these criteria have not been met, I cannot expedite the file. Your file will therefore be placed in our queue and will be addressed in the chronological order it was received. Please hang on to any questions that you might have about the review or materials that you want to submit until you are contacted by an investigator in due course. An investigator will contact you when your file is active. I appreciate your patience. Best regards, Jason Mighton (he/him), Senior Investigator"
This response ignores the direct evidence provided, and the dismissal on the grounds that the "criteria had not been met" contradicts the OIPC's own policy:
- The breach was systemic (PHI disclosed across multiple institutions),
- The breach was ongoing (continued retaliation and disclosures),
- There was an explicit safety concern (sexual assault and threats),
- And overwhelming public interest (multiple resignations at the highest levels of government and security services).
Regarding the Review of Jason Mighton:
This is not only a breach of privacy. It represents identity fraud, PHI misuse, and a coordinated attempt to obstruct accountability for sexual assault. For the OIPC to exclude these facts from their characterization of the case is a direct misrepresentation of its scope and gravity.
"The package also contains complaints about your denied request to have your file (23-00201) expedited. This decision is not being revisited, your file will be processed in the order in which it was received."
The OIPC was directly contacted and advised of serious abuse, including sexual assault. I explicitly informed them of the RROSH (Real Risk of Significant Harm), the federal standard for describing the severity of the situation. I personally advised Senior Investigator Jason Mighton of:
- The sexual assault and related abuse,
- The resignations of the Premier (Stephen McNeil), the Chief of Police (Dan Kinsella), a Postmedia Executive (Jamie Irving), multiple US executives with Irving Shipbuilding (Kevin McCoy and Kevin Mooney), and the CSIS Director,
- The RCMP Special Victims Unit case — Case #2025-21595, Phone: 902-220-2013 — and CSIS Case #Attachment5566, Phone: 613-993-9620,
- My role as a global technical expert overseeing a matter with clear national security implications.
The OIPC was directly informed of a case meeting all of its stated criteria for expedited review and still refused to act. Notably, the denial offers no reasoning against any individual criterion — no finding on containment, systemic or ongoing character, safety, or public interest — only the bare conclusion that "these criteria have not been met." A four-part test was answered with a one-line dismissal, and the July 11, 2024 letter setting out those criteria had placed the burden on the applicant to address them, which the expedite request did, point by point. The submission engaged every criterion; the denial engaged none — and it addressed none of the weighing factors Young had set out either.
It is also worth noting what the OIPC did afterward. Effective November 1, 2025 — fourteen months after this denial — the OIPC adopted a formal Expedite Policy stating it "does not accept requests to expedite reviews from applicants or public bodies." The criteria-based process under which Julie Young had provided the criteria and deadline in July 2024, and under which this request was submitted and denied, was eliminated in favour of expediting at the OIPC's "sole discretion." The new policy retains "a review concerning a matter of significant public interest" as a ground on which the Commissioner may expedite, and requires that when they do, "they will provide detailed written reasons to all parties" — a standard of reasoning the August 27, 2024 denial itself never met.
Expedite Policy (Effective November 1, 2025): https://oipc.novascotia.ca/sites/default/files/Expedite%20Policy%202025%2011%2001.pdf
This behaviour — regardless of any input from Scott Jewers — would be viewed as suspicious by security and police agencies, particularly given the documented connections between Tricia Ralph, Karen Hornberger, and NSHA.
July 16, 2025 – Additional Privacy Breaches Reported – OIPC Retaliated and Fabricated a Submission to Department of Justice (DOJ) / "Unreasonable Behaviour Policy Written Notice"
As per their directions on the OIPC website, on July 16, 2025 I dropped off 5 complaints to the OIPC physical mailbox:
https://oipc.novascotia.ca/contact-us
"... If you wish to provide us with hard copies of materials, please send them by mail, fax, courier or by dropping them off in the mail slot outside our office door...."
On August 13, 2025, I would receive an email from the OIPC with a document "Unreasonable Behaviour Policy Written Notice".
Length:
The notice characterizes the July 16, 2025 delivery as "a 78-page package of materials." The arithmetic deserves scrutiny.
The OIPC's own Review of Privacy Complaint Form is seven pages long in blank form — mostly pre-printed instructions, jurisdictional warnings, and remedies tables. Each of my five completed forms is exactly seven pages; my responses fit within the answer spaces and added zero pages across all five complaints. Thirty-five of the seventy-eight pages are therefore the OIPC's own form.
With the two-page cover letter, the remaining forty-one pages were supporting attachments — roughly eight pages per complaint — and those attachments are not optional. Page 5 of the form instructs applicants to attach a copy of the complaint filed with the public body and the public body's response. Page 7 asks, "Are there any documents, records, or evidence that support your complaint?" and instructs: "If yes, attach them to this form." A "Required Attachments" checklist follows. Eight pages of mandated attachments per complaint — under three pages per required category, spanning multi-year institutional records — is a lean evidentiary package, not an excessive one.
The "78-page package" is therefore thirty-five pages of the OIPC's own template, a two-page cover letter, and forty-one pages of documentation the form itself demands. This is not my accounting imposed on theirs — it is the letter's own: "Your package contained a two-page cover letter and five 'Review of Privacy Complaint Forms' with multiple attachments." Five complaints with their mandated attachments produce a package of exactly this size by design — the OIPC's design. The office then cited the resulting page count as evidence of "excessive demands on the time and resources of OIPC staff." And having declared that communications on these matters "will not be read, will not be responded to and will not be retained," the OIPC has ensured the characterization can never be checked against the package itself.
"Unknown but It Remains Excessive"
The notice's volume finding refutes itself in a single paragraph. The office states that in May 2023 it stopped logging my emails, then concludes: "the true volume of emails from you is unknown, but it remains excessive." That is a finding of excessiveness resting on an admittedly unknown quantity. An office cannot simultaneously declare that it does not know the volume and that the volume is excessive — the second claim requires exactly the measurement the first claim abandons.
The concrete evidence the notice does supply is this: "on September 15, 2021, you sent 3 emails and on September 16, 2021 you sent 4." Seven emails across two days, nearly four years before the notice was issued, is the entire quantified record offered in support of a zero-tolerance conduct finding. The pattern matches the page-count claim: in both cases the office asserts excess, declines to retain or produce the evidence that would let anyone verify it, and asks the characterization to stand on its own authority.
Valid Complaints and Where They Should Have Gone:
The OIPC's rejection letter does one more thing worth documenting: it declines to say where any of the five complaints should have gone. The office's own website hosts "The OIPC's Role - What the OIPC Can and Cannot Do" — the letter links to it. The office knows the jurisdictional map, and referring a complainant onward costs a sentence. Instead, the letter presents the five complaints as an undifferentiated mass — "we are not investigating any of the concerns" — without distinguishing the forms within its mandate from those outside it, and without directing a single one to its proper venue. The effect is to make the complaints look arbitrary, as though they had no proper home, when every one has a designated regulator:
The NSHA trespass and identity theft complaint belonged exactly where it was filed — the OIPC, under FOIPOP and PHIA, alongside the office's own open file 23-00201 against the same custodian.
The Valent Legal complaint belongs with the Office of the Privacy Commissioner of Canada under PIPEDA, which governs private-sector organizations — a law firm handling client data included.
The mail interception complaint divides by component: ESDC's handling of the September 15, 2020 letter belongs with the OPC under the federal Privacy Act; interference with mail itself is a Canada Post matter and, as a potential Criminal Code offence (s. 345, mail theft; s. 356, theft from mail), an RCMP matter.
The Curran/Legere/Jefferies complaint severs three ways: the Office of the Police Complaints Commissioner component is provincial — OIPC-reviewable under FOIPOP; the HRP components fall under the Municipal Government Act's own process (a limit the OIPC's form itself states); the RCMP component belongs with the Civilian Review and Complaints Commission; the OPC component with the OPC's designated internal process or the Federal Court under the Privacy Act.
The GPS complaint severs the same way: the Government of Nova Scotia component is squarely OIPC territory under FOIPOP; DND belongs with the OPC under the Privacy Act and National Defence's own oversight bodies; RCMP with the CRCC; JDIrving and EMIC — private companies — with the OPC under PIPEDA.
Every venue on that list is one the OIPC deals with routinely. The office knew the map and chose not to share it. A one-paragraph referral — "forms one and four belong with our federal counterpart; form two is accepted; forms three and five are severed as follows" — would have cost nothing and been the ordinary discharge of its public-facing role. Instead it rejected all five without differentiation, declared future communications would be unread and unretained, and left a citizen to reconstruct the jurisdictional map alone.
And the record shows the reconstruction was never needed. Over the same period, the components the OIPC implies were indiscriminately misdirected were already lodged in their correct venues: the RCMP conduct complaints with the CRCC (file 2023-1031, branched to R2024-005807); the federal privacy matters with the OPC (PIPEDA-040565, PIPEDA-045577, PA-070308, P-2025-00180); the HRP matters with HRP Professional Standards; the CPSNS matters with CPSNS. The parallel record contradicts the letter's central premise. The July 16 package was not a citizen confusing one regulator for all regulators — it was a citizen placing before the provincial privacy commissioner the provincial privacy dimensions of a documented, multi-jurisdictional record, while the federal, municipal, and professional-body dimensions were already filed where they belonged. The OIPC's letter does not engage with that. It could not characterize the filings as unreasonable if it did.
For an office whose stated mandate includes public education on privacy rights, the omission is not a detail. It is the difference between a regulator administering a boundary and a regulator using one.
Alleged Threats
The OIPC wrote that the package contained "references [to] police investigations against two named OIPC staff members." That is not what was submitted. I never alleged an investigation against Ralph or Mighton. I gave two case numbers — RCMP 2025-21595 and CSIS Attachment5566 — as the existing files their conduct would be reported into, and to which they were asked to self-report. "Investigations against them" implies fabricated, targeted probes. "Here are two active case numbers your conduct would be included in" points at real files. The OIPC rendered the second as the first — then withheld those same case numbers from the Department of Justice, so no one at DOJ could check.
The notice then quotes the passage it labels a specific threat: "I control the first page of global search results for each of your names…I promise you this: I will ensure that your role in this follows you for the rest of your lives. Your friends, families, employers, and neighbors will see the truth…That is my promise to each of you."
Take it clause by clause. "I control the first page of global search results for each of your names" is not a threat — it is a fact, verifiable in seconds at www.TheWolfAndTheNeuralNetwork.com. "Your role in this follows you for the rest of your lives" promises permanence, not a verdict. The internet already records everything permanently — including my own conduct, my own filings, my own errors, all published on the same site under my own name. "Your friends, families, employers, and neighbors will see the truth" alleges no guilt: it does not say you did this or you'll pay for that. It says the truth — whatever the record shows, action or inaction regarding the serious abuse reported — will be visible. If the record shows the OIPC acted properly, then what follows them for the rest of their lives is a record of proper action. A promise to permanently record someone's good deed is no threat at all; the promise only reads as threatening if one presumes the deed will not survive scrutiny.
And the promise is nothing the OIPC does not already live under. The OIPC is a public-facing body. Its decisions, its published reviews, its correspondence on the public record persist forever and follow the office — and me — for the rest of our respective existences. No one calls the permanent public record of a regulator's decisions a threat against the citizens named in them. A citizen maintaining the same kind of permanent public record of a regulator's decisions is no different. A threat imposes a verdict; this defers to a public record where all evidence has been made publicly available, unbiased — which also allows them to defend themselves. That is the opposite of a threat.
"Covertly recording conversations"
The notice's final ground is headed "Covertly recording conversations." It refutes itself in its own first sentence: the package "contains the statement 'all my interactions with the OIPC are recorded.'" I told them. Recording you disclose in writing is not covert — covert means hidden, and I handed them the disclosure. The office labelled as secret the very thing I openly declared to them.
Nor is it unlawful. Canada is a one-party-consent jurisdiction: recording a conversation to which you are a party is expressly exempted from the interception offence by s. 184(2)(a) of the Criminal Code, which excludes a person who has the consent of a party "intended by the originator to receive" the communication. The offence in s. 184(1) applies to intercepting communications you are not part of — not to a participant recording their own call. I was a party to every call. The OIPC's assertion — "Unless you receive permission from the person you are speaking to, you do not have permission to record conversations" — is not the law. Indeed, "the person you are speaking to" is precisely who s. 184(2)(a) says need not grant permission when the recorder is a party to the call.
The office then defeats its own finding. Having called the recording "covert" and impermissible, the notice continues: "If the purpose of the recording is to ensure that you have something to reflect on, we recommend you communicate by emails only. This way, it will be recorded but will not be breaching someone's privacy." In one sentence the OIPC endorses the purpose (a reliable record) and the function (recording) it had just condemned — objecting only to the medium. It even supplies my legitimate reason for me: something to reflect on. That is not the description of unreasonable behaviour. It is the description of a person keeping a careful record, which the office concedes is reasonable in the same breath it files it under the Unreasonable Behaviour Policy. It is a direct contradiction and retaliation for lawful, common sense actions.
The Unsigned Letter
The notice makes personal-conduct allegations against a named citizen and closes: "Yours sincerely, The Office of the Information and Privacy Commissioner for Nova Scotia." No named author. No signature. The same letter objects that my package "contains multiple references [to] police investigations against two named OIPC staff members" — the naming of staff is treated as an aggravating feature of my conduct, while the office issues its own conduct findings against me anonymously. A body that considers the naming of its personnel intolerable, while declining to attach a single name to allegations it publishes against a citizen, is asserting an asymmetry, not a policy.
The letter is copied to Corporate Security and the Department of Justice. The Department of Justice therefore received the office's characterization of my conduct — including the claim of "references [to] police investigations against two named OIPC staff members" — without the two case numbers, RCMP 2025-21595 and CSIS Attachment5566, that would have allowed anyone at DOJ to verify what was actually submitted. The office distributed the accusation and withheld the means of checking it, from the one recipient whose function is to check.