Showing 15 of 525 results
File Numbers | Type | Collection | Adjudicators | Date Published | |
---|---|---|---|---|---|
MR16-6 | Privacy Complaint Report | Privacy Reports | Trish Coyle | Read moreExpand | |
The Office of the Information and Privacy Commissioner of Ontario (IPC) was contacted by Innisfil Hydro Distribution Systems Limited (Innpower) to report a privacy breach under the Municipal Freedom of Information and Protection of Privacy Act (the Act). Innpower informed the IPC that the laptop of one of its contractors had been stolen from a university library and that the laptop contained the unencrypted personal information of its customers. Given that the unencrypted personal information was disclosed by way of a theft, the disclosure was not consistent with section 32 of the Act. This report finds that Innpower responded adequately to the breach. |
|||||
HC15-74 | Order - PHIPA | Health Information and Privacy | Frank DeVries | Read moreExpand | |
The complainant, a patient of Dr. Philip Solomon, requested that Dr. Solomon disclose to another health information custodian records of her personal health information relating to a specified treatment. The complainant subsequently amended her consent in a number of follow-up communications with Dr. Solomon and his office. |
|||||
PI16-3 | Privacy Complaint Report | Privacy Reports | Lucy Costa | Read moreExpand | |
The Office of the Information and Privacy Commissioner/Ontario opened a Commissioner Initiated Privacy Complaint under the Freedom of Information and Protection of Privacy Act (the Act), against the Ministry of Community Safety and Correctional Services (the ministry). The complaint relates to concerns regarding the collection and destruction of personal information contained in a recording which was made by a police officer with his personal cell phone during a traffic stop. In this Privacy Complaint Report I conclude that I am unable to make a finding as to whether the record at issue contained personal information as defined in section 2(1) of the Act, however, I conclude that if the recording had contained the personal information of the requester, it would have been an authorized collection under section 38(2). |
|||||
MC16-7, MC16-8 | Privacy Complaint Report | Privacy Reports | Trish Coyle | Read moreExpand | |
The Office of the Information and Privacy Commissioner received identical complaints from two individuals (the complainants), alleging that the Ottawa Police Service (the police) inappropriately disclosed personal information pertaining to criminal charges against the complainants, to their employer, Correctional Services Canada (CSC), contrary to the Municipal Freedom of Information and Protection of Privacy Act (the Act). In January 2017, all criminal charges against the complainants were withdrawn. This Privacy Complaint Report concludes that the police’s disclosure of the complainants’ personal information to CSC was not consistent with section 32 of the Act. |
|||||
MC16-10 | Privacy Complaint Report | Privacy Reports | Jeffrey Cutler | Read moreExpand | |
The Office of the Information and Privacy Commissioner of Ontario received a complaint alleging that the Township of McGarry (the Township) contravened the Municipal Freedom of Information and Protection of Privacy Act (the Act) when it disclosed a resident’s personal information to a third-party who in turn contacted the resident to advertise their services. The Privacy Complaint Report concludes that the Township’s use and disclosure of the personal information was not in accordance with sections 31 and 32 of the Act. |
|||||
PA15-357 | Order | Access to Information Orders | Diane Smith | Read moreExpand | |
The Ministry of Finance (the ministry) received an access request under the Freedom of Information and Protection of Privacy Act (FIPPA) for non-public communications from the Insurance Bureau of Canada (IBC), as well as follow-up exchanges, meeting notes and agendas on automobile insurance topics. The ministry denied access to the records in full or in part, citing the mandatory Cabinet records exemption in section 12(1) and the discretionary advice or recommendations exemption in section 13(1). This order finds that the records are not exempt under these exemptions. |
|||||
HA16-137 | Order - PHIPA | Health Information and Privacy | Rita Najm | Read moreExpand | |
The complainant sought access to records of her personal health information from Dr. Mary Elizabeth McIntyre (Dr. McIntyre). This order determines that Dr. McIntyre is deemed to have refused the complainant’s request for access. Dr. McIntyre is ordered to provide a response to the complainant regarding her request for access to records of her personal health information in accordance with the Personal Health Information Protection Act, 2004, and without recourse to a time extension, no later than February 10, 2017. |
|||||
HC15-106, HC15-105 | Order - PHIPA | Health Information and Privacy | Jenny Ryu | Read moreExpand | |
The complainants, the daughters of a deceased patient of Dr. Fausto Michael Cianfrone and Woodview Medical Pharmacy (the pharmacy), filed complaints about the pharmacy’s disclosure to Dr. Cianfrone, and Dr. Cianfrone’s concomitant collection, and subsequent use and disclosure, of their mother’s prescription information after her death. This information was relevant to an investigation by the College of Physicians and Surgeons of Ontario into the complainants’ allegations about Dr. Cianfrone’s treatment and care of their mother before her death, particularly in relation to his prescribing of medication to her. |
|||||
MC14-5 | Privacy Complaint Report | Privacy Reports | Jeffrey Cutler | Read moreExpand | |
The Office of the Information and Privacy Commissioner of Ontario received a complaint alleging that the Hamilton-Wentworth Catholic School Board (the Board) contravened the Municipal Freedom of Information and Protection of Privacy Act (the Act) when it disclosed the complainant’s son’s Ontario School Record (OSR) during a proceeding filed against the Board with the Human Rights Tribunal of Ontario (HRTO). The Privacy Complaint Report concludes that the Act prevails over the confidentiality provisions in sections 266(2) and 266(10) of the Education Act. The Board’s disclosure of the personal information from the OSR to the HRTO was in accordance with section 51 of the Act. |
|||||
MC11-73 | Privacy Complaint Report | Privacy Reports | Jeffrey Cutler | Read moreExpand | |
The Office of the Information and Privacy Commissioner of Ontario received a complaint alleging that the York Region District School Board (the Board) contravened the Municipal Freedom of Information and Protection of Privacy Act (the Act) when it disclosed the complainant’s son’s Ontario School Record (OSR) during a proceeding filed against the Board with the Human Rights Tribunal of Ontario (HRTO). The Privacy Complaint Report concludes that the Act prevails over the confidentiality provisions in section 266(2) and 266(10) of the Education Act. The Board’s disclosure of the personal information from the OSR to the HRTO and the Board’s legal counsel was in accordance with sections 51 and 32(d) of the Act, respectively. |
|||||
MC13-60 | Privacy Complaint Report | Privacy Reports | Jeffrey Cutler | Read moreExpand | |
The complainant, whose residence is adjacent to the Monsignor Fraser College (the School) in Toronto, expressed concern with the use of video surveillance at the School, which is operated by the Toronto Catholic District School Board (the Board). The Information and Privacy Commissioner/Ontario (the IPC) finds that the Board’s collection of the personal information within the School property is in accordance with section 28(2) of the Municipal Freedom of Information and Protection of Privacy Act (the Act). However, the collection of personal information from outside the School’s property is not in accordance with section 28(2) of the Act. The IPC makes recommendations regarding the collection of personal information from outside the School’s property and revision of the Board’s notice and policy on video surveillance. |
|||||
MA14-94 | Order - Interim | Access to Information Orders | Diane Smith | Read moreExpand | |
Brantford Hydro Inc. (BHI) received a request under the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) for access to its Board of Directors’ meeting minutes for the years 2010 to 2013. BHI located 33 sets of minutes and denied access to them pursuant to sections 6(1)(b) (closed meeting), 7(1) (advice or recommendations), 10(1) (third party information), 11 (economic or other interests), and 12 (solicitor-client privilege). |
|||||
MC13-67 | Privacy Complaint Report | Privacy Reports | Jeffrey Cutler | Read moreExpand | |
The Office of the Information and Privacy Commissioner of Ontario received a complaint alleging that the City of Vaughan (the City) contravened the Municipal Freedom of Information and Protection of Privacy Act (the Act) when making the complainant’s personal information available on the Internet in relation to a minor variance application made under the Planning Act. In response, this office opened a privacy complaint file to determine if the disclosure of the complainant’s personal information was in compliance with the Act. The Privacy Complaint Report concludes that the City’s decision to disclose the complainant’s personal information via the Internet is not in contravention of the Act. However, the Report recommends that the City consider implementing privacy protective measures that obscures this type of information from search engines and automated agents. |
|||||
MC13-46 | Privacy Complaint Report | Privacy Reports | Jeffrey Cutler | Read moreExpand | |
The complainant, whose child attended the St. Thomas Aquinas Catholic School in Oakville (the School), expressed concern with the use of video surveillance at the School, which is operated by the Halton Catholic District School Board (the Board). The Office of the Information and Privacy Commissioner/Ontario (the IPC) finds that the Board’s collection of the personal information is not in accordance with section 28(2) of the Municipal Freedom of Information and Protection of Privacy Act (the Act). The IPC recommends that the Board conduct an assessment of the video surveillance system at the School in a manner consistent with the Act, the Board’s internal policy and this Report. |
|||||
HR14-59 | Order - PHIPA | Health Information and Privacy | Brian Beamish | Read moreExpand | |
Rouge Valley Health System (the Hospital) reported two separate breaches of patient privacy involving allegations that Hospital employees used and/or disclosed the personal health information of mothers for the purposes of selling or marketing RESPs. This Order finds that personal health information was used and disclosed in contravention of the Act, and that the Hospital failed to comply with sections 12(1), and 10(1) and (2) of the Act. The Order requires the Hospital to: 1. In relation to all of the Hospital’s electronic information systems, implement the measures necessary to ensure that the Hospital is able to audit all instances where agents access personal health information on its electronic information systems, including the selection of patient names on the patient index of its Meditech system. 2. In relation to the Hospital’s Meditech system: a) Work with the Hospital’s Hosting Provider to review and amend the service level agreement between the Hospital and the Hosting Provider to clarify the responsibility for the creation, maintenance and archiving of user activity logs generated by the Hospital’s use of its Meditech system, and ensure that the user activity logs are available to the Hospital for audit purposes. b) Work with Meditech or another software provider to develop a solution that will limit the search capabilities and search functionalities of the Hospital’s Meditech system so that agents are unable to perform open-ended searches for personal health information about individuals, including newborns and/or their mothers, and can only perform searches based on the following criteria: health number, medical record number, encounter number, or exact first name, last name and date of birth. 3. Review and revise its Privacy Audits policy, the Pledge of Confidentiality policy and the Pledge of Confidentiality, and the Privacy Advisory in accordance with the comments and findings made in this Order, and take steps to ensure that it complies with the Privacy Audits policy. 4. Develop a Privacy Training Program policy, a Privacy Awareness Program policy, and a Privacy Breach Management policy in accordance with the comments and findings made in this Order. 5. Immediately review and revise its privacy training tools and materials in accordance with the comments and findings made in this Order. 6. Using the privacy training materials developed in accordance with Order provision 5: a) immediately conduct privacy training for all agents in clerical positions in the Hospital; and b) conduct privacy training for all other agents by June 16, 2015. 7. Provide this office with proof of compliance with all of the Order provisions by September 16, 2015. |