Search

Displaying 1 - 20 of 52

Toronto Public Library cyberattack: A wake-up call for stronger security

Toronto Public Library cyberattack: A wake-up call for stronger security … Case of Note: File MR23-00112  Background In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which …

Resource

- Published on March 14, 2025

Ensuring secure disposal of health records: Out of sight is not out of mind!

Ensuring secure disposal of health records: Out of sight is not out of mind! … Case of Note:  PHIPA Decision 266 Background A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health …

Resource

- Published on February 10, 2025

Lost and found: Preserving abandoned health records

Lost and found: Preserving abandoned health records … Case of Note: PHIPA Decision 221 (interim) and PHIPA Decision 230 (final) Background  The Information and Privacy Commissioner of Ontario (IPC) was contacted about a case of potentially abandoned medical records at a storage facility. The report …

Resource

- Published on January 7, 2025

Reported Breach HR23-00282

Reported Breach HR23-00282 … A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure …

Resource

- Published on August 14, 2024

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA … Background The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), …

Resource

- Published on August 2, 2024

Ensuring health data privacy: Insights from the UTOPIAN case

Ensuring health data privacy: Insights from the UTOPIAN case … Case of Note: PHIPA Decision 243   Introduction Health information research plays a vital role in improving medical treatments and the quality of care. To conduct health research, researchers require access to personal health …

Resource

- Published on July 29, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Case of Note: PHIPA Decision 249 Introduction Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and …

Resource

- Published on July 18, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and cause harm to others. As these types of …

Resource

- Published on July 18, 2024

Digital Privacy Charter for Ontario Schools (printable)

Digital Privacy Charter for Ontario Schools (printable) … The IPC wants your feedback! We’ve launched a draft Digital Privacy Charter for Ontario Schools to help educators prepare young people to be safe and responsible digital citizens, and empower them to exercise their privacy and access rights. …

Resource

- Published on October 23, 2023

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA … Background The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), …

Basic page

- Published on August 2, 2024

Ensuring health data privacy: Insights from the UTOPIAN case

Ensuring health data privacy: Insights from the UTOPIAN case … Case of Note: PHIPA Decision 243   Introduction Health information research plays a vital role in improving medical treatments and the quality of care. To conduct health research, researchers require access to personal health …

Basic page

- Published on July 29, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Case of Note: PHIPA Decision 249 Introduction Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and …

Basic page

- Published on July 18, 2024

Appeal Form (FIPPA/MFIPPA)

Appeal Form (FIPPA/MFIPPA) … A form for filing an appeal of a decision by a government organization relating to a request made under the provincial or municipal Freedom of Information and Protection of Privacy Act.  … Appeal Form …

Resource

- Published on July 6, 2022