IPC - Office of the Information and Privacy Commissioner/Ontario | What's New http://www.ipc.on.ca en-us IPC launches inquiry into alleged TDSB report tampering http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=346 The <A href="http://www.thestar.com/yourtoronto/education/2014/10/17/toronto_trustee_document_tampering_prompts_probe_by_privacy_commissioner.html">Toronto Star</A> spoke with Commissioner Brian Beamish yesterday about the IPC inquiry into the alleged tampering of TDSB documents by school board trustees and staff:&nbsp;<BR> <BR> <EM>"Any allegation of tampering is something we take very seriously,” Beamish said. "We were very concerned” when we saw the article, Beamish added. “We knew that we needed to act quickly to investigate.”&nbsp; The IPC contacted the board Thursday, and is now “gathering some documents (Thursday and Friday) and we plan on meeting with staff early next week,” Beamish said. </EM> Fri, 17 Oct 2014 00:00:00 GMT Commissioner Brian Beamish's statement on the breach of Rob Ford's personal health information http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=347 <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><FONT face=Calibri>Mount Sinai Hospital informed us in mid-September when they confirmed the breach. Since then, we have been working with the hospital to review the steps that were taken to protect the Mayor’s health information prior to his admission, and actions taken after the breach was discovered. We will be reviewing this with the hospital to determine if additional actions are required. Based on our work with the hospital to date, we have not seen the need to open a formal investigation.&nbsp; <o:p></o:p></FONT></P> Fri, 17 Oct 2014 00:00:00 GMT Commissioner Brian Beamish's statement on the alleged alteration of TDSB records http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=345 <P style="TEXT-ALIGN: justify"><SPAN>The IPC is aware of the recent allegations regarding possible alteration of Toronto District School Board records subject to a freedom of information request as outlined in this morning’s <I>Toronto Star</I> story “<A href="http://www.thestar.com/yourtoronto/education/2014/10/16/trustees_tampered_with_foi_request_for_expense_reports_emails_suggest.html">Trustees lashed for report ‘tampering'</A>.”&nbsp; As a result, the IPC is moving forward immediately with an inquiry into these allegations.&nbsp; If proven, these actions would raise significant concerns about the transparency and accountability of the Board and its compliance with the <I>Municipal Freedom of Information and Protection of Privacy Act</I>.</SPAN></P> Thu, 16 Oct 2014 00:00:00 GMT Toronto police ordered to release records http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=342 The Toronto police have been ordered by IPC adjudicator Colin Bhattacharjee to release documents pertaining to an "unusually significant police response" as there is a "compelling public interest" in the documents' disclosure.&nbsp; <BR> <BR> The <A href="http://www.thestar.com/news/crime/2014/10/13/toronto_police_assigned_18_officers_to_probe_windsor_rd_breakin.html">Toronto Star</A> reports that 18 officers were assigned to investigate a break-in and assault at a Windsor Road home days after the media had reported that the Mayor of Toronto was filmed using drugs in the house.&nbsp; <BR> <BR> View the full <A href="http://www.ipc.on.ca/english/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9622">order</A>. Tue, 14 Oct 2014 00:00:00 GMT Right to Know Week: Improving Access to Information in Ontario http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=341 <EM>Acting Commissioner Brian Beamish shares his thoughts on the future of access to information in Ontario:</EM><BR> <BR> This week in Canada, we recognize <A href="http://www.freedominfo.org/regions/global/rtk-day/">Right to Know Day</A> on September 28th and celebrate <A href="http://www.oic-ci.gc.ca/rtk-dai-eng/">Right to Know Week</A>. Since 2002, approximately 40 countries have marked the occasion in order to raise awareness of an individual’s right to access government-held information, while promoting freedom of information (FOI) as essential to both democracy and good governance. The week presents us with an excellent opportunity to highlight recommendations to improve accessibility to government-held information. <BR> <BR> In Ontario, it has now been more than 25 years since the <EM><A href="http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90f31_e.htm">Freedom of Information and Protection of Privacy Act </A></EM>and the <EM><A href="http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90m56_e.htm">Municipal Freedom of Information and Protection of Privacy Act</A></EM> were passed in order to form the foundation of our access to information infrastructure. For the most part, the <EM>Acts</EM> have served the province well; however, there is still room for improvement. <BR> <BR> The following recommendations distinguish between two key concepts: the formal FOI system, as set out in our provincial and municipal <EM>Acts</EM>, and the other means of fostering access to government-held information – both are necessary to improve access to information in Ontario. <BR> <BR> <STRONG>Recommendations for Modernizing FOI Laws <BR> </STRONG><BR> In terms of the formal process, my office has called upon the government to re-examine the <EM>Acts</EM> and modernize the legislation, most recently in our <A href="http://annualreport.ipc.on.ca/commissioners-message/commissioners-recommendations-2/">2013 annual report</A>. The IPC was also one of the many information and privacy commissioners and ombudspersons’ offices to sign a resolution which outlined a vision for modernizing Canada’s access and privacy laws. The resolution, <EM><A href="https://www.priv.gc.ca/media/nr-c/2013/res_131009_e.asp">Modernizing Access and Privacy Laws for the 21st Century</A></EM>, contained a number of ideas on how FOI legislation should be updated. Some of the key recommendations included:<BR> <UL> <LI>Increasing the ability of institutions, and the IPC, to exercise the “public interest override” – when records can be released, even if exempt from disclosure under the Act because of an overriding public interest.<BR> <BR> <LI>Creating minimum standards of proactive disclosure – categories and classes of documents that must be made&nbsp;available in usable format.<BR> <BR> <LI>Establishing a requirement that for any new systems, government institutions must create them with access to&nbsp;information in mind. </LI> </UL> <P>Another concept in this resolution that dovetails with the work of our office is the necessity of creating a legislated duty to document. This would require all public entities to document their deliberations, actions and decisions. <BR> <BR> The need for a legislated duty to document was highlighted by an investigation conducted by our office last year, relating to a government decision to relocate two gas plants prior to the 2011 provincial election. Our report, <EM><A href="http://www.ipc.on.ca/English/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9181">Deleting Accountability: Record Management Practices of Political Staff</A></EM> found that the expectations for recordkeeping must be raised across the government. We also called on the government to create a legislated duty to document to ensure that the decision-making process is available for public scrutiny. <BR> <BR> Although the Ontario government has not yet followed up on that specific recommendation, it has taken significant and praiseworthy steps to comply with the other recommendations of our report as part of the introduction of <A href="http://www.ontla.on.ca/web/bills/bills_detail.do?locale=en&amp;Intranet=&amp;BillID=3000"><EM>Bill 8, the Public Sector and MPP Accountability and Transparency Act</EM></A>. If passed, this bill would strengthen transparency and accountability in the broader public sector. Specifically, the bill would amend the Acts to require that all institutions ensure reasonable measures are in place to preserve records in their custody or control in accordance with recordkeeping and retention requirements, rules or policies that apply to the institution. The <EM>Acts</EM> would also be amended to create an offence for altering, concealing or destroying a record with the intention of denying a right to access to the record. <BR> <BR> <STRONG>Fostering Greater Access to Government Information <BR> </STRONG><BR> We have seen great strides in the Open Data movement and the future holds tremendous promise. I think it is fair to say that some of our largest cities, such as Ottawa and Toronto, have become leaders in this field and the province also is actively pushing out information in a wide range of searchable data sets. However, there are a variety of ways to move forward in this area and foster greater access to information. A report released this spring, <EM><A href="https://www.ontario.ca/government/open-default-new-way-forward-ontario">Open by Default: A New Way Forward for Ontario</A></EM>, made a number of strong recommendations which my office firmly supports, including: </P> <UL> <LI>Publishing all government data in commonly accepted open standards, unless there are privacy, security or legal reasons for not doing so. The release of this data should be done in a timely manner, be available free of charge to&nbsp;the public, and ensure that no data is destroyed in the process.<BR> &nbsp; <LI>Give Ontarians the information they need to understand the government’s plans and&nbsp;priorities by proactively publishing key documents online, in an open format.&nbsp; </LI> </UL> <P></P> <UL> <LI>Restructuring the fees that institutions can charge to respond to FOI requests. An example, if an institution fails to&nbsp;respond to a request within 30 days, it could not impose a fee, but would be responsible for the cost of answering&nbsp;&nbsp;the request. Similarly, on a go-forward basis, fees could not be charged for responding to FOI requests for&nbsp;information held on new IT systems. In other words, those systems would need to be designed from the start with&nbsp;access to information in mind. </LI> </UL> <P>I strongly believe that following these recommendations would not only bring more transparency and accountability to government, but also lead to substantial cost savings and improved customer service. I hope that the provincial government will implement these recommendations and take a close look at further modernizing our access to information legislation. </P> Fri, 26 Sep 2014 00:00:00 GMT Survey generates privacy concerns http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=340 Questions&nbsp;in a&nbsp;survey for tenants of the London Municipal Housing Corporation sparked&nbsp;the&nbsp;<A href="http://www.lfpress.com/2014/09/24/mental-health-questions-cause-concern">London Free Press </A>to ask questions about&nbsp;the potential privacy implications.&nbsp; The questions which caused concern related to mental health and addiction. The survey was&nbsp;intended to be voluntary and&nbsp;anonymous; however, it was&nbsp;not clearly indicated. Acting Commissioner Brian Beamish suggested&nbsp;that if tenants don’t like the questions, “they should exercise their right to stop, tear up the form and walk away. The fact it is not compulsory and there are no identifiers gives me some comfort level, but I really hope the organization makes it really clear this is a voluntary survey.” Thu, 25 Sep 2014 00:00:00 GMT Peterborough Hospital PHIPA Lawsuit http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=339 <P style="TEXT-ALIGN: justify"><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'; FONT-SIZE: 12pt"><FONT style="FONT-SIZE: 10pt">The </FONT><A href="http://www.thestar.com/news/gta/2014/09/03/peterborough_lawsuit_to_set_precedent_for_ontario_patient_privacy_rights.html"><FONT style="FONT-SIZE: 10pt" color=#0000ff>Toronto Star</FONT></A><FONT style="FONT-SIZE: 10pt"> has reported on a lawsuit&nbsp;involving a&nbsp;Peterborough hospital that could have wide-ranging implications for patient privacy in all of Ontario’s hospitals. At issue, is whether </FONT></SPAN><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'; FONT-SIZE: 12pt"><FONT style="FONT-SIZE: 10pt">patients whose privacy has been breached can sue a hospital directly. The hospital in Peterborough has argued that the Superior Court has no jurisdiction to hear the lawsuit because under Ontario’s <I>Personal Health Information Protection Act</I>, (<I>PHIPA</I>) personal health information privacy violations are solely the domain of the Information and Privacy Commissioner of Ontario. However, Acting Commissioner, Brian Beamish has stated that his office does not have exclusive jurisdiction over matters of patient privacy and that <I>PHIPA</I> does not prevent the courts from hearing cases related to the improper handling of personal health information.</FONT> </SPAN></P> Wed, 03 Sep 2014 00:00:00 GMT TCDSB releases documents after extensive FOI battle http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=337 Documents pertaining to Toronto Mayor Ford’s football coaching role with the Toronto Catholic District School Board (TCDSB) were released Wednesday after a <A href="http://www.thestar.com/news/city_hall/toronto2014election/2014/08/28/rob_ford_threatened_teacher_made_players_roll_in_goose_scat_documents_show.html">lengthy freedom of information battle</A>. The TCDSB has initially declined the request for information. The IPC had ruled the documents should be released after the Toronto Star filed an appeal. Mayor Ford registered an appeal of this decision; however, after not presenting any arguments, the file was closed and the information was released. Fri, 29 Aug 2014 00:00:00 GMT Rouge Valley informs more patients of potential breach http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=338 This week, Rouge Valley Health System sent out <A href="http://www.thestar.com/news/gta/2014/08/27/rouge_valley_hospital_privacy_breach_affects_6000_more_patients.html">notices to additional patients </A>that their personal health information may have been misused by two former employees. As part of the investigation into the breach, it was discovered that the two employees may have accessed health information of patients from Ajax and Pickering campus before being terminated. The IPC is continuing to investigate this breach and will release a full report of our findings this fall. Fri, 29 Aug 2014 00:00:00 GMT IPC Launching Web Analytics Platform on September 15 http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=335 <P>On September 15, we will be implementing a privacy-protective web analytics platform called <A href="http://piwik.org/" target=_blank>Piwik</A>. This program will be hosted on our website and will be used to record non-identifiable information about your site visit. The data collected will be stored on the IPC web server and will not be shared with Piwik. We will also take this opportunity to update our <A href="/site_documents/2014-Proposed_Priv_Pol.htm" target=_blank>Privacy Policy</A>.</P> <P><STRONG>Why is the IPC Doing This?</STRONG></P> <P>By using a web analytics program the IPC can gain valuable insight into who is visiting our website, how often they visit, which content they view and how our website is being used. The results will also assist us in planning for a new website, expected to launch in early 2016. </P> <P><STRONG>What Data is the IPC Collecting?</STRONG><BR> <BR> The non-identifiable data that the Piwik software collects about your visit includes:</P> <UL type=disc> <LI>The operating system you are using. <LI>The type of device, model, and operating system you are using. <LI>Your browser type, plugins, and version. <LI>Pages you viewed on our site. <LI>The length of time you spent on our site. <LI>Which website referred you to the IPC website. <LI>The language of your browser. <LI>Your country (determined by Internet Protocol (IP) address). </LI> </UL> <P>The new analytics platform will not collect any identifiable information about you. </P> <P><STRONG>How Will the IPC Protect My Privacy?</STRONG></P> <P>The Piwik platform is one of the most privacy-protective analytics solutions available. Many government agencies trust Piwik (in Europe, Asia, North America, Africa) for providing self-hosted web analytics. In March 2011, the Independent Center for Privacy Protection in Germany (ULD) recommended Piwik as privacy-compliant web analytics software. In January 2014, the Center for Data Privacy Protection in France (CNIL) recommended Piwik as the only tool that can easily ensure full compliance with privacy regulations. The Centre for Democracy and Technology in the United States uses and recommends the platform.</P> <P>To protect your privacy, we have configured Piwik in the following manner:</P> <UL type=disc> <LI>We have configured the software to operate without using cookies. <LI>We will only retain the first two octets of your IP address. <LI>We have kept the default setting of the software to respect the DoNotTrack option in browsers. <LI>We will provide you with the option to opt-out of web analytics.&nbsp;This will set a cookie for Piwik to recognize your preference. <LI>All data collected will be deleted within one month and only aggregate data will be retained. </LI> </UL> <P>We will not share or disclose any information that we collect about our site visitors, except to report malicious attacks or as required by law.</P> <P><STRONG>Can I give feedback on this?</STRONG></P> <P>Absolutely, your feedback is always welcome! You are also invited to provide us with general feedback about our website. Please feel free to email us at <A href="mailto:info@ipc.on.ca">info@ipc.on.ca</A>.</P> Wed, 27 Aug 2014 00:00:00 GMT