Under Ontario’s privacy laws, public institutions are required to provide annual compliance statistics to the IPC, which we collate into an annual statistics report and use to provide insights into notable trends to the Ontario Legislative Assembly.    

In 2024, Ontarians submitted 70,293 freedom of information requests, more than a 6 per cent increase over the previous year.

Response rates, indicated by the number of access requests fulfilled within a 30-day timeframe, varied across sectors. For provincial institutions subject to FIPPA, over 78 per cent of access requests were completed within 30 days, signifying a notable improvement compared to 2023, when just 67 per cent of requests were completed within 30 days. 

Municipal institutions covered by MFIPPA completed 82 per cent of requests within 30 days, slightly higher than the previous year's rate of 80 per cent. This modest but steady improvement shows that many municipalities are continuing to make timely access to information a priority for their communities.

Ontarians submitted 117,595 requests for access to personal health information under PHIPA in 2024, up almost 12 per cent over the previous year. That nearly 98 per cent of requests were answered within 30 days speaks volumes about the commitment of health information custodians to upholding Ontarians’ access rights, even amid a notable year-over-year increase in demand.

Under the CYFSA, child and family service providers received 11,169 access requests for personal information, up two per cent over the previous year. Service providers completed over 75 per cent of requests within 30 days in 2024, a slight improvement from almost 73 per cent in 2023.

In 2024, health information custodians reported 11,970 breaches of personal health information, compared to 10,770 in 2023, representing an increase of seven per cent in privacy breaches across the sector. Misdirected faxes account for 5,047 of these. Despite repeatedly urging health information custodians to replace antiquated fax machines, misdirected faxes continue to be a persistent problem in the health care sector, representing almost 50 per cent of breaches. We look forward to seeing the fulfillment of government’s promise to finally “axe the fax” by 2028.

Service providers subject to the CYFSA reported 437 breaches of personal information, compared to 374 in 2023. The main cause of breaches in the child and family services sector was unauthorized disclosure, with the majority — 194 out of 351 — caused by misdirected emails.

While Ontario's public sector institutions were not subject to mandatory requirements to report privacy breaches to the IPC during the last reporting period, that will soon change – in part. As of July 1, 2025, new FIPPA amendments under Bill 194 will introduce a mandatory breach reporting obligation for provincial institutions. Although MFIPPA institutions do not have a similar mandatory requirement, the IPC strongly encourages and expects MFIPPA institutions to continue the practice of reporting significant breaches to our office.

An overview of 2024 tribunal statistics can be located on page 56 of this report, while a full breakdown of all submitted statistics can be found in the IPC's 2024 Statistical Report.

Read the full statistical report