2018 Annual Report: Privacy and Accountability for a Digital Ontario

Jun 27 2019


Today I released my 2018 annual report, Privacy and Accountability for a Digital Ontario, where I call for the modernization of Ontario’s privacy laws to address the risks posed by the increasing use of digital technologies.

Since my appointment as commissioner in 2015, I have emphasized the need to update our privacy laws, which continue to fall behind rapidly evolving digital technologies such as biometric sensors, big data analytics, and artificial intelligence. The technology available today has the potential to unlock many benefits for communities and enable governments to deliver services more effectively and efficiently. However, many collect, use, and generate massive amounts of data, including personal information. The use of data and technology must not come at the expense of privacy; Ontario needs an updated legislative framework that includes effective and independent oversight of practices related to personal information.

Political parties are also able to collect sensitive personal information and use it in ways that we could not have previously imagined. These advancements have revealed a widening gap in the protection and oversight of individual privacy rights.

The most effective way of holding political parties accountable for how they collect, use, and disclose our personal information is by making them subject to the privacy requirements set out in Ontario’s access and privacy laws. Amendments to provide regulation and oversight would demonstrate a commitment to accountability and respect for individual privacy.

I have also recommended that Ontario’s health sector seek to update its approach to privacy protection. My report details the impressive results realized through the use of artificial intelligence to curb unauthorized access. These technologies can identify minute anomalies in network systems, signalling breaches in real time. I would like to see the widespread use of AI to address the ongoing problem of unauthorized access in the health sector.

My 2018 annual report also reveals a troubling number of unauthorized disclosure incidents through misdirected faxes. The majority of the over 11,000 health information privacy breaches reported by the health sector were due to misdirected faxes or emails. This is unacceptable. In the United Kingdom, the Health and Social Care Secretary has banned the NHS from buying fax machines and intends to phase out their use by March 31, 2020. It is time for Ontario to follow the UK’s lead and implement a strategy to eliminate or reduce dependence on fax machines in the delivery of health care. As technologies evolve, so should our response to privacy risks.

Please see the annual report for our year in review and comprehensive statistics, such as freedom of information requests, compliance rates, appeals and privacy complaints.

Backgrounder

If you have any questions about the annual report or Ontario’s access and privacy laws, you can contact us at info@ipc.on.ca or 1-800-387-0073.

Brian Beamish
Commissioner