IPC - Office of the Information and Privacy Commissioner/Ontario | What's New http://www.ipc.on.ca en-us Planning for Success: A Guide to PIAs http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=375 <SPAN style="TEXT-ALIGN: justify; WIDOWS: 1; TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; LETTER-SPACING: normal; FONT: 11px Verdana, Arial, sans-serif; WHITE-SPACE: normal; COLOR: rgb(105,105,105); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">Ontario public sector institutions must meet high standards of care and trust whenever collecting, using and disclosing personal and other sensitive information. Any public institution considering new information technologies, systems, and program services which may affect privacy are strongly encouraged to complete a privacy impact assessment (PIA).&nbsp;<BR> <BR> </SPAN><SPAN style="TEXT-ALIGN: justify; WIDOWS: 1; TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; LETTER-SPACING: normal; DISPLAY: inline !important; FONT: 11px Verdana, Arial, sans-serif; WHITE-SPACE: normal; FLOAT: none; COLOR: rgb(105,105,105); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">The IPC’s new guide, <A href="https://www.ipc.on.ca/english/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=1502">Planning for Success</A> provides institutions with step-by-step advice on how to carry out a PIA from beginning to end.&nbsp; </SPAN> Tue, 19 May 2015 00:00:00 GMT Commissioner interviewed by St. Catharines Standard on police use of body-worn cameras http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=374 <SPAN><FONT style="FONT-SIZE: 11pt">The Commissioner was interviewed by the&nbsp;</FONT><A href="http://www.stcatharinesstandard.ca/2015/05/06/cop-body-cams-open-privacy-issues"><FONT style="FONT-SIZE: 11pt" color=#0000ff>St. Catharines Standard</FONT></A><FONT style="FONT-SIZE: 11pt"> at our </FONT><A href="https://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=369"><FONT style="FONT-SIZE: 11pt" color=#0000ff>Reaching Out to Ontario</FONT></A><FONT face=Calibri><FONT style="FONT-SIZE: 11pt"><FONT style="FONT-SIZE: 11pt" face=Arial> event at Brock University on the issues regarding privacy and police use of body-worn cameras.</FONT></FONT></FONT></SPAN> Thu, 07 May 2015 00:00:00 GMT IPC Orders City of Markham to Reconsider Release of Documents http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=373 As covered in this past weekend’s <A href="http://www.thestar.com/news/gta/2015/04/05/markham-ordered-to-reconsider-its-secrecy-on-failed-arena-project.html">Toronto Star</A>, the IPC has ordered the City of Markham to reconsider the disclosure of various reports pertaining to proposals for the construction of an arena. In&nbsp;two new interim Orders, <A href="https://www.ipc.on.ca/english/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9791">MO-3176-I</A> and <A href="https://www.ipc.on.ca/english/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9792">MO-3177-I</A>, Adjudicator Stella Ball ordered one record released and ordered the city to reconsider some of its discretionary exemption claims. Each decision sets out timelines for the City to respond to the IPC.&nbsp; Tue, 07 Apr 2015 00:00:00 GMT Reaching Out to Ontario: Niagara Region http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=369 <TABLE cellSpacing=0 cellPadding=3 width=550 align=center bgColor=#ffffff border=0> <TBODY> <TR> <TD style="FONT-SIZE: 24px; COLOR: #ffffff; LINE-HEIGHT: 28px" bgColor=#ffffff vAlign=top colSpan=8 align=center> <DIV align=center><A href="www.realprivacy.ca/index.php/international-privacy-day-symposium/" border="0"><IMG border=0 alt="" src="http://www.ipc.on.ca/site_images/roto2015-niagara_invite.jpg" width=500 height=140></A></DIV> </TD> </TR> <TR> <TD colSpan=8 align=center><STRONG>May 6, 2015 - 9:00 to 11:00 a.m.<BR> Brock University<BR> Academic South Block<BR> 500 Glenridge Ave., Saint Catharines</STRONG></TD> </TR> <TR> <TD style="COLOR: #000" height=200 vAlign=top colSpan=8 align=left> <P>Ontario's new Information and Privacy Commissioner is coming to the Niagara Region. <A style="COLOR: #488793" href="https://www.ipc.on.ca/english/About-Us/About-The-Commissioner/" target=_blank>Brian Beamish</A> will be visiting Brock University on May 6, to engage with regional stakeholders and to talk about the trends and future direction of access to information and protection of privacy. There will also be two panel sessions. One will discuss the changing nature of access to government-held information and the evolution to a more transparent and accountable government, while the other examines the many challenges of protecting personal health information in electronic environments. Please join us and be part of the discussion about how we can build a better province where our privacy is protected and governments remain accountable. </P> <TABLE cellSpacing=5 cellPadding=5 width="100%" align=center bgColor=#c4e4e3 border=0> <TBODY> <TR> <TD vAlign=top colSpan=3 align=center cellpadding="0" cellspacing="0">Agenda</TD> </TR> <TR> </TR> <TR> <TD vAlign=top width="18%" align=left><STRONG>9:00 am</STRONG></TD> <TD vAlign=top width="82%" colSpan=2 align=left>Registration</TD> </TR> <TR> <TD vAlign=top align=left><STRONG>9:30 am</STRONG></TD> <TD vAlign=top colSpan=2 align=left>Presentation from the Commissioner </TD> </TR> <TR> <TD vAlign=top align=left><STRONG>10:00 -<BR> 11.00 am</STRONG></TD> <TD vAlign=top colSpan=2 align=left> <P>Concurrent panel sessions:</P> <OL type=A> <LI>Working towards a more transparent and accountable government <UL> <LI>David Goodis, Assistant Commissioner <LI>Sherry Liang, Assistant Commissioner <LI>Elsé Khoury, Manager of Information Services for Niagara Region</LI> </UL> <LI>Protecting personal health information in an electronic environment <UL> <LI>Manuela DiRe, Director of Legal Services <LI>Debra Grant, Director of Health Policy </LI> </UL> </LI> </OL> </TD> </TR> </TBODY> </TABLE> <P style="COLOR: #000; TEXT-ALIGN: justify"><STRONG>EVENT DETAILS</STRONG><BR> <STRONG>Date: </STRONG>May 6, 2015<BR> <STRONG>Registration: </STRONG>9.00 a.m. - 9:30 a.m.<BR> <STRONG>Location:</STRONG> Brock University, 500 Glenridge Ave., Saint Catharines (<A style="COLOR: #488793" href="https://maps.google.ca/maps?ie=UTF-8&amp;gl=ca&amp;q=brock+university&amp;ei=UBgDVZG5EMP1ggSapoPIDg&amp;sqi=2&amp;ved=0CHkQ_BIwDw&amp;output=classic&amp;dg=brw" target=_blank>Map</A>) - Academic South Block, Rooms AS203 &amp; AS204 (<A style="COLOR: #488793" href="http://www.brocku.ca/blogs/campus-map/?center_lat=43.1187668&amp;center_lng=-79.2512207&amp;open_post_id=149" target=_blank>Campus Map</A>)</P> <P>This event may be televised by TVCOGECO.<BR> <BR> There is no cost for the event, but we kindly ask that you RSVP. Please specify which session you would like to attend. </P> <TABLE style="COLOR: #000000" borderColor=#488793 height=59 cellSpacing=5 cellPadding=5 width="50%" align=center border=3> <TBODY> <TR> <TD style="COLOR: #000000; BACKGROUND-COLOR: #333" width="25%" align=center> <P style="FONT-SIZE: 14px; TEXT-DECORATION: none; COLOR: #fff"><STRONG>RSVP</STRONG></P> </TD> <TD style="COLOR: #000000" width="25%" align=center><STRONG><A style="FONT-SIZE: 14px; COLOR: #488793" href="mailto:rsvp@ipc.on.ca?subject=Attending">Yes</A></STRONG></TD> <TD style="COLOR: #000000" width="25%" align=center><STRONG><A style="FONT-SIZE: 14px; COLOR: #488793" href="mailto:rsvp@ipc.on.ca?subject=Regrets">No</A></STRONG></TD> </TR> </TBODY> </TABLE> <BR> </TD> </TR> <TR> <TD bgColor=#004900 colSpan=8> <P style="COLOR: #fff"><STRONG>SPEAKERS</STRONG></P> </TD> </TR> <TR> <TD colSpan=8 align=left><BR> <IMG border=0 alt="Brian Beamish" src="http://www.ipc.on.ca/site_images/Brian-Beamish-web-sm.jpg" width=72 align=left height=108><STRONG>Brian Beamish, Commissioner </STRONG><BR> <BR> Brian Beamish first began his career at the office of the Information and Privacy Commissioner (IPC) in 1999, as Director of Policy and Compliance. This was followed by his appointment to Assistant Commissioner in 2005, where he directed the Tribunal Services Division - investigating privacy complaints and resolving access to information appeals. In addition to overseeing Tribunal, Acting Commissioner Beamish also served as an executive policy advisor, playing a key role in executing the mandate of the IPC and supporting several initiatives in the best interests of the public, such as bringing universities and hospitals under the <EM>Freedom of Information and Protection of Privacy Act</EM> and ushering in the <EM>Personal Health Information Protection Act</EM>. Prior to joining the IPC, Brian held a number of positions within the Ontario Public Service, including with the Ministries of the Solicitor General and Correctional Services.<BR> <BR> </TD> </TR> <TR> <TD colSpan=8 align=left><IMG border=0 alt="David Goodis" src="http://www.ipc.on.ca/site_images/David-Goodis-web.jpg" width=72 align=left height=108><STRONG>David Goodis, Assistant Commissioner</STRONG><BR> <BR> David Goodis is Assistant Commissioner (Policy &amp; Corporate Services) with the Information and Privacy Commissioner of Ontario. David is a graduate of Western University's law school, and was called to the Ontario Bar in 1988. David has represented the IPC in hearings before the Divisional Court, the Ontario Court of Appeal, and the Supreme Court of Canada. David recently co-authored the 2015 <EM>Annotated Ontario Freedom of Information and Protection of Privacy Acts</EM>, and teaches Canadian administrative law to foreign-trained lawyers at the University of Toronto's Faculty of Law. <BR> <BR> </TD> </TR> <TR> <TD colSpan=8 align=left><IMG border=0 alt="Sherry Liang" src="http://www.ipc.on.ca/site_images/Sherry-Liang-web.jpg" width=72 align=left height=108><STRONG>Sherry Liang, Assistant Commissioner </STRONG><BR> <BR> Sherry Liang is Assistant Commissioner with the Information and Privacy Commissioner of Ontario. In that capacity she is responsible for the Tribunal Services Department which investigates privacy and health information complaints and resolves access to information appeals. Before her appointment to this position Ms. Liang served in various capacities at the IPC and held appointments as a Vice-Chair with the Human Rights Tribunal of Ontario, the Grievance Settlement Board, and the Ontario Labour Relations Board. Ms. Liang has also been a Co-Chair of the University of Toronto Tribunal, practiced as an independent labour arbitrator and mediator, and was an Expert Advisor to Professor Harry Arthurs on the Federal Labour Standards Review Commission. Ms. Liang began her legal career in 1988 practising labour, administrative law and civil litigation at a Toronto law firm. She received a B.A. (Arts) from Queen's University, and her LL.B. and LL.M. (Administrative Law) from the Faculty of Law, University of Toronto. <BR> <BR> </TD> </TR> <TR> <TD colSpan=8 align=left><IMG border=0 alt="Manuela Di Re" src="http://www.ipc.on.ca/site_images/Manuela-DiRe-web.jpg" width=72 align=left height=108><STRONG>Manuela Di Re, Director of Legal Services and General Counsel </STRONG><BR> <BR> Manuela Di Re was called to the Bar of the Province of Ontario in 1998 and to the bar of the State of New York in 2000. Since her call to the bar of the Province of Ontario she has practised exclusively in the area of health law. She began her practice as associate counsel at McCarthy Tétrault providing advice and representation to physicians in claims for medical negligence, in complaints before the College of Physicians and Surgeons of Ontario and in matters before the Health Professions Appeal and Review Board and other administrative tribunals. She then continued her practice as senior legal counsel to a board of health, an ambulance service and two long-term care homes. In January 2005, she joined the Office of the Information and Privacy Commissioner of Ontario and is currently the Director of Legal Services and General Counsel. <BR> <BR> </TD> </TR> <TR> <TD colSpan=8 align=left><IMG border=0 alt="Debra Grant" src="http://www.ipc.on.ca/site_images/Debra-Grant-web.jpg" width=72 align=left height=108><STRONG>Debra Grant, Director of Health Policy </STRONG><BR> <BR> Debra Grant is the Director of Health Policy at the Office of the Information and Privacy Commissioner of Ontario, the independent body that oversees the <EM>Freedom of Information and Protection of Privacy Act</EM>, the <EM>Municipal Freedom of Information and Protection of Privacy Act</EM>, and the <EM>Personal Health Information Protection Act</EM>. She graduated in 1991 with a Ph.D. in social psychology from York University and has a Master's Degree in Applied Social Psychology from the University of Guelph. Since graduating, she has worked for the IPC conducting research and developing policies on access and privacy issues in relation to a wide variety of topics. She currently specializes in privacy issues in relation to the <EM>Personal Health Information Protection Act</EM>. <BR> <BR> </TD> </TR> <TR> <TD colSpan=8 align=left><IMG border=0 alt="Elsé Khoury" src="http://www.ipc.on.ca/site_images/Else-Khoury-web.jpg" width=72 align=left height=108><STRONG>Elsé Khoury, Manager, Information Services for Niagara Region<BR> </STRONG>&nbsp;<BR> Elsé Khoury is the Freedom of Information and Privacy Coordinator for Niagara Region in Ontario, Canada. She is charged with ensuring privacy compliance and FOI accountability for a large, upper tier municipality with over 400,000 residents and 3,000 plus staff in areas as diverse as municipal planning, financial management, water treatment and public health. Elsé has been with Niagara Region since 2004, and in that time has helped to foster the growth and maturity of Niagara Region's privacy program. Elsé is responsible for a growing recognition of the risks associated with bad privacy practices, and recently received Niagara Region's Council endorsement for mandatory privacy training for all staff and elected officials, making Niagara Region a leader in municipal privacy compliance in Ontario. <BR> <BR> </TD> </TR> </TBODY> </TABLE> Tue, 31 Mar 2015 00:00:00 GMT Privacy Complaint Report MC13-67 http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=370 The Office of the Information and Privacy Commissioner of Ontario received a complaint alleging that the City of Vaughan (the City) contravened the <EM>Municipal Freedom of Information and Protection of Privacy Act </EM>(the <EM>Act</EM>) when making the complainant’s personal information available on the Internet in relation to a minor variance application made under the Planning <EM>Act</EM>. In response, this office opened a privacy complaint file to determine if the disclosure of the complainant’s personal information was in compliance with the <EM>Act</EM>.<BR> <BR> The Privacy Complaint Report concludes that the City’s decision to disclose the complainant’s personal information via the Internet is not in contravention of the <EM>Act</EM>. However, the Report recommends that the City consider implementing privacy protective measures that obscures this type of information from search engines and automated agents. (<A href="https://www.ipc.on.ca/english/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9784">Privacy Complaint Report&nbsp;MC13-67</A>) Fri, 20 Mar 2015 00:00:00 GMT Brian Beamish Appointed Commissioner http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=368 <P><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'"><FONT size=2>The Legislative Assembly of Ontario has appointed Brian Beamish to a five-year term as Information and Privacy Commissioner, a role he had been acting in since July 1, 2014. Mr. Beamish joined the IPC as Director of Policy and Compliance in 1999 and served as Assistant Commissioner from 2005. </FONT></SPAN></P> <P><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'"><FONT size=2>In accepting the role of Commissioner, Mr. Beamish expressed gratitude to Members of Provincial Parliament for the confidence they have shown in him and paid tribute to his predecessors, the Honourable Sidney Linden, Tom Wright and Ann Cavoukian. “I am honoured to be given the opportunity and responsibility to build on the many successes of our office in service of the people of Ontario,” said Mr. Beamish.</FONT></SPAN></P> <P><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'"><FONT size=2>Recognizing the gains for access and challenges to privacy brought about by an ever-evolving technological landscape, the new Commissioner will be taking the opportunity to review the essential mandate of the office and map the course for the future. </FONT></SPAN></P> Thu, 26 Feb 2015 00:00:00 GMT Annual Statistical Report FAQ http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=367 Do you have any last minute questions about your 2014 Annual Statistical Report? Please consult our <STRONG><A href="https://www.ipc.on.ca/english/Resources/IPC-Corporate/IPC-Corporate-Summary/?id=619">FAQs</A>.</STRONG>&nbsp;<BR> <BR> Feel free to call us at 1-800-387-0073 or e-mail <A href="mailto:statistics.ipc@ipc.on.ca">statistics.ipc@ipc.on.ca</A> for any unanswered questions. Thank you! Fri, 20 Feb 2015 00:00:00 GMT Commissioner interviewed by CityTV and CBC TV regarding abandoned health records found near Richmond Hill medical clinic. http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=366 The Commissioner was interviewed by both <A href="http://www.citynews.ca/2015/02/18/personal-medical-records-found-strewn-along-street-in-richmond-hill/">CityTV</A> and <A href="http://www.cbc.ca/news/canada/toronto/medical-records-found-outdoors-in-richmond-hill-1.2962655">CBC TV</A> regarding abandoned health records found near a Richmond Hill medical clinic. The interviews focus on the issue of abandoned health records and what can be done&nbsp;to prevent such breaches.&nbsp;<BR> <BR> For information on best practices for secure destruction of health information records, please see our documents, <A href="https://www.ipc.on.ca/images/Resources/fact-10-e.pdf">Fact Sheet 10: Secure Destruction of Personal Inforamtion</A>, and <A href="https://www.ipc.on.ca/images/Resources/naid.pdf">Get Rid of It Securely to Keep it Private.</A> Thu, 19 Feb 2015 00:00:00 GMT Detecting and Deterring Unauthorized Access to Personal Health Information http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=365 <P>Unauthorized access continues to be a growing problem in the health sector in Ontario. The province’s Personal Health Information Protection Act, (PHIPA), permits health information custodians (HIC) to collect, use and disclose personal health information for the purposes of providing or assisting in the provision of health care based on implied or assumed implied consent but prohibits the collection, use and disclosure of personal health information for any other purpose without the express consent of the individual, unless permitted or required by PHIPA. </P> <P>It is important that HICs and their agents recognize that the issue of unauthorized access to personal health information, regardless of motive, is significant and is taken seriously. The protection of privacy should be integral to the delivery of health care and embedded into the culture of health care organizations. Developing and implementing a comprehensive approach, incorporating a variety of measures and ensuring agents are aware of the relevant privacy policies and procedures can go a long way toward preventing unauthorized access.</P> <P>The purpose of this paper is to shed light on the extent of the problem and the potential consequences for individuals, custodians and their agents, and the entire health sector, and to provide guidance to custodians on minimizing the risk of unauthorized access.<BR> </P> <UL> <LI>Paper:&nbsp;<A href="https://www.ipc.on.ca/english/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=1477">Detecting and Deterring Unauthorized Access to Personal Health Information</A></LI> <LI><A href="https://www.ipc.on.ca/english/phipa/is-it-worth-it/">Is It Worth It</A></LI> </UL> Wed, 28 Jan 2015 00:00:00 GMT Hospitals should report privacy breaches to commissioner: Editorial http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=364 <FONT face=Calibri><SPAN style="BACKGROUND: white; COLOR: black; FONT-SIZE: 10pt"><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'; BACKGROUND: white; COLOR: black; FONT-SIZE: 9pt"> <P><SPAN style="COLOR: black; FONT-SIZE: 9pt"><FONT face=Calibri>Today, the </FONT><A href="http://www.thestar.com/opinion/editorials/2015/01/13/hospitals_should_report_privacy_breaches_to_commissioner_editorial.html"><FONT color=#0000ff face=Calibri>Toronto Star</FONT></A><FONT face=Calibri> published an editorial calling on Minister of Health, Eric Hoskins, to close the </FONT></SPAN><FONT face=Calibri><SPAN style="BACKGROUND: white; COLOR: black; FONT-SIZE: 9pt">loophole in the privacy act and strengthen the IPC’s oversight.</SPAN> <BR> <BR> </FONT><FONT face=Calibri><SPAN style="COLOR: black; FONT-SIZE: 9pt">“The Commissioner</SPAN><SPAN style="BACKGROUND: white; COLOR: black; FONT-SIZE: 9pt">&nbsp;is calling for a legislative change to force hospitals to report serious breaches to his office. He is right to do so.</SPAN> <SPAN style="BACKGROUND: white; COLOR: black; FONT-SIZE: 9pt">Clearly there is a need to shine a brighter spotlight on health-care privacy leaks. Mandatory reporting to the privacy commissioner is one way to achieve that goal.”</SPAN></FONT></SPAN></SPAN></P> </SPAN></SPAN></FONT> Wed, 14 Jan 2015 00:00:00 GMT