Today we released our 2016 Annual Report, Facing Challenges Together, in which Commissioner Brian Beamish calls on the government to modernize Ontario’s access and privacy laws to better protect Ontarians’ rights, especially in the era of big data.
In his report, the Commissioner makes seven significant recommendations. One recommendation urges the government to pass legislation that expressly authorizes information sharing for policy and research purposes, and establishes a strong, government-wide framework for big data projects.
More than ever, public institutions use sophisticated analytical tools to improve policy and program development, enhance system planning and ensure efficient resource allocation and performance monitoring. The growing use of technology presents complex challenges for Ontario’s public sector, and demands that government update antiquated laws that were drafted before the rapid advancement in information technology. As government processes evolve, the Commissioner, once again, calls for legislative changes that support data integration projects, and come with accountable, effective governance and oversight to safeguard individual privacy rights.
The Commissioner also tabled the following recommendations in his report:
Clarify Solicitor-Client Privilege Exemption – Ontario’s access laws should be amended to affirm the power of the IPC to access documents for which institutions claim the solicitor-client privilege exemption. Amendments should explicitly state that providing records to the IPC does not constitute a waiver of solicitor-client privilege. Amendments will ensure that the IPC’s ability to adjudicate the solicitor-client privilege exemption is not undermined.
Framework for Electronic Health Records – Provisions in Bill 119, the Health Information Protection Act, relating to the shared provincial electronic health record have yet to be proclaimed, and are essential for ensuring that an effective governance framework is in place. The Commissioner is urging the government to move forward with proclamation of these provisions to ensure patient privacy and the protection of personal health information (PHI).
Increased Transparency of Ontario’s Medical System – Bill 84, the Medical Assistance in Dying Statute Law Amendment Act, excludes access to information identifying medical facilities that provide assisted dying services. Despite the IPC’s recommendation, amendments to the bill were not included to make this information accessible. The Commissioner urges health care institutions to disclose this information.
Ensure the Security of Abandoned Health Records – A comprehensive multi-prong approach, including legislation, is needed to ensure that health records are properly secured when a health information custodian ceases to practice and that those records are available to patients on request.
Public Disclosure of Health Privacy Breach Prosecutions – The government should routinely publicize the details of health privacy breach prosecutions to send a strong message that unauthorized access to PHI will not be tolerated.
Routine Audits of Freedom of Information Practices – All Ontario institutions – municipal and provincial – should routinely review their FOI practices to apply consistent and correct practices to managing access requests.
The Commissioner’s full recommendations, the year in review and comprehensive freedom of information requests statistics including, compliance rates, appeals and privacy complaints are available in the IPC’s 2016 Annual Report, Facing Challenges Together.