Search

Displaying 1 - 20 of 30

Toronto Public Library cyberattack: A wake-up call for stronger security

Toronto Public Library cyberattack: A wake-up call for stronger security … Case of Note: File MR23-00112 Background In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which …

Resource

- Published on March 14, 2025

Ensuring secure disposal of health records: Out of sight is not out of mind!

Ensuring secure disposal of health records: Out of sight is not out of mind! … Case of Note: PHIPA Decision 266 Background A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health …

Resource

- Published on February 10, 2025

Lost and found: Preserving abandoned health records

Lost and found: Preserving abandoned health records … Case of Note: PHIPA Decision 221 (interim) and PHIPA Decision 230 (final) Background The Information and Privacy Commissioner of Ontario (IPC) was contacted about a case of potentially abandoned medical records at a storage facility. The report …

Resource

- Published on January 7, 2025

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA … A cyberattack on the Toronto Public Library exposed vulnerabilities in its systems that contained a significant number of individuals’ personal information. Read the …

Resource

- Published on December 19, 2024

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter … Case of Note: PHIPA Decision 260 Background A public hospital was alerted to suspicious activity on a patient chart, and initiated an investigation, which included a targeted audit. The audit …

Resource

- Published on November 18, 2024

Reported Breach HR23-00282

Reported Breach HR23-00282 … A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure …

Resource

- Published on August 14, 2024

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA … Background The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), …

Resource

- Published on August 2, 2024

Ensuring health data privacy: Insights from the UTOPIAN case

Ensuring health data privacy: Insights from the UTOPIAN case … Case of Note: PHIPA Decision 243 Introduction Health information research plays a vital role in improving medical treatments and the quality of care. To conduct health research, researchers require access to personal health …

Resource

- Published on July 29, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Case of Note: PHIPA Decision 249 Introduction Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and …

Resource

- Published on July 18, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and cause harm to others. As these types of …

Resource

- Published on July 18, 2024

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA

Basic page

- Published on August 2, 2024

Ensuring health data privacy: Insights from the UTOPIAN case

Basic page

- Published on July 29, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Basic page

- Published on July 18, 2024

2023 Annual Report

2023 Annual Report … Beyond Imagination: Planning for Ontarians’ Digital Future Digital Annual Report News release Statistical Report Full statistics for 2023 … 2023 Annual …

Annual Report

- Published on June 5, 2024

IPC Practices #1 - Responding to a Request for Information

IPC Practices #1 - Responding to a Request for Information … IPC Practices #1 - Responding to a Request for Information …

Resource

- Published on October 28, 2019

IPC Practices No. 1 - Drafting a Letter Refusing Access to a Record

IPC Practices No. 1 - Drafting a Letter Refusing Access to a Record … Tip sheet for government organizations on handling information … IPC Practices No. 1 - Drafting a Letter Refusing Access to a …

Resource

- Published on November 4, 2005

IPC Practices No. 15 - Clarifying Access Requests

IPC Practices No. 15 - Clarifying Access Requests … Tip sheet for government organizations on handling information … IPC Practices No. 15 - Clarifying Access …

Resource

- Published on September 24, 2003

IPC Practices No. 14 - The Indirect Collection of Personal Information

IPC Practices No. 14 - The Indirect Collection of Personal Information … Tip sheet for government organizations on handling information. … IPC Practices No. 14 - The Indirect Collection of Personal …

Resource

- Published on September 24, 2003

IPC Practices No. 8 - Providing Notice of Collection

IPC Practices No. 8 - Providing Notice of Collection … Tip sheet for government institutions on information management. … IPC Practices No. 8 - Providing Notice of …

Resource

- Published on September 24, 2003

IPC Practices No. 9 - Responding to Requests for Personal Information

IPC Practices No. 9 - Responding to Requests for Personal Information … Tip sheet for government organizations on handling information … IPC Practices No. 9 - Responding to Requests for Personal …

Resource

- Published on September 24, 2003