Role and Mandate of the IPC Office
Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA), which came into effect on January 1, 1988, establishes an Information and Privacy Commissioner (IPC) as an officer of the Legislature. The Commissioner is appointed by and reports to the Legislative Assembly of Ontario and is independent of the government of the day.
The term “freedom of information” refers to public access to general records relating to the activities of government, ranging from administration and operations to legislation and policy. It is an important aspect of open and accountable government. Privacy protection is the other side of that equation, and refers to the safeguarding of personal information held by government.
FIPPA applies to all provincial ministries and most provincial agencies, boards and commissions, as well as to universities and colleges of applied arts and technology. The Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), which came into effect January 1, 1991, broadened the number of public institutions covered by Ontario’s freedom of information and privacy legislation. It covers local government organizations, such as municipalities, police, library, health and school boards, and transit commissions.
The Personal Health Information Protection Act, 2004 (PHIPA), came into force on November 1, 2004, and governs the collection, use and disclosure of personal health information within the health-care system. It is the third of the three provincial laws that the IPC oversees.
Together, these three Acts establish rules about how government organizations and health information custodians may collect, use, and disclose personal data. They also establish a right of access that enables individuals to request their own personal information and have it corrected if necessary.
The Commissioner plays a crucial role under each of the three Acts. In general terms, the Commissioner’s mandate is to:
- independently review the decisions and practices of government organizations concerning access and privacy;
- independently review the decisions and practices of health information custodians in regard to personal health information;
- conduct research on access and privacy issues;
- provide comment and advice on proposed government legislation and programs;
- review the personal health information policies and practices of certain entities under PHIPA; and
- help educate the public about Ontario’s access, privacy and personal health information laws and related issues.
The Commissioner delivers on this mandate by fulfilling seven key roles:
- resolving appeals when government organizations refuse to grant access to information;
- investigating privacy complaints related to government-held information;
- ensuring that government organizations comply with the Acts;
- conducting research on access and privacy issues and providing advice on proposed government legislation and programs;
- educating the public about Ontario’s access, privacy and personal health information laws and access and privacy issues;
- investigating complaints related to personal health information; and
- reviewing policies and procedures, and ensuring compliance with PHIPA.
In accordance with the Acts, the Commissioner has delegated some decision-making powers to his staff. Thus, the Assistant Commissioner (Privacy), Assistant Commissioner (Access) and other designated staff may issue orders, resolve appeals, and investigate privacy complaints.