Affichage de 15 sur 683 résultats
| Order Numbers | Type | Collection | Adjudicators | Date Published | |
|---|---|---|---|---|---|
| NJ12-7 | Reviews/Registrations / Authorizations | Privacy Reports | En savoir plusExpand | ||
Investigation into the loss of two USB keys containing unencrypted personal information that were used by the Strike-off Project of Elections Ontario (EO). Findings: EO failed to put in place reasonable measures to protect the physical security, and the privacy and security of the personal information in its custody and control and, in particular, failed to ensure that the personal information stored on mobile electronic devices was encrypted. EO failed to take steps to ensure that existing policies were reflected in actual practice; failed to ensure that senior staff were accountable and responsible for privacy and security; failed to adequately train its staff; and, failed to respond adequately to the privacy breach by continuing to store unencrypted data on USB keys after having learned of the privacy breach. Recommendations: Retain the services of an independent third party to conduct a thorough and comprehensive audit of all of the personal information management practices at EO; Develop an overarching privacy policy; Establish Technology Services as the centre of responsibility and accountability at EO for implementation of strong measures to protect the privacy and security of personal information on all electronic devices and for ensuring that staff are fully trained and supported regarding the use of these devices; Appoint a Chief Privacy Officer; Develop a comprehensive, mandatory privacy training program for all staff; Develop an ongoing communications plan to ensure that all staff are made aware of and are reminded of EO’s privacy and security policies. In addition, the Report recommends that the government of Ontario ask the Auditor General of Ontario to conduct privacy audits of the information management practices of selected public sector agencies in the province; and conduct a review and modernization of the Election Act to ensure that the privacy and security of the personal information in the custody of EO is strongly protected and used prudently, as prescribed. • News Release: Commissioner Cavoukian’s investigation finds systemic failures at Elections Ontario – paving the way to the largest privacy breach in Ontario history |
|||||
| PC11-34 | Privacy Complaint Report | Privacy Reports | Jeffrey Cutler | En savoir plusExpand | |
The complainant complained that staff at the Ontario Provincial Police, Lancaster Branch had inappropriately disclosed to her landlord an occurrence report which included her personal information. The ministry responsible for the Ontario Provincial Police admitted that a privacy breach had occurred. The issue here is whether the ministry responded appropriately to this breach, and this Report finds that it did not. |
|||||
| MC10-46 | Privacy Complaint Report | Privacy Reports | Jeffrey Cutler | En savoir plusExpand | |
The Municipality forwarded an access request to Chatham-Kent Energy and Chatham-Kent Energy forwarded a copy of its response to the access request to the Municipality. Section 2(1)(personal information) - information about the Complainant's utilities account qualifies as personal information. Section 18(2)(access) - request was appropriately transferred by the Municipality to Chatham-Kent Energy in accordance with the Act. Section 28(2)(collection) - the response to the access request was not collected by the Municipality within the meaning of the Act. Recommendation: The Municipality should fully delete all electronic copies of Chatham-Kent Energy's response to the access request and securely shred any paper copies in its possession. |
|||||
| MC10-55 | Privacy Complaint Report | Privacy Reports | Jeffrey Cutler | En savoir plusExpand | |
Chatham-Kent Energy forwarded a copy of its response to an access request to its Chief Executive Officer and to the Municipality of Chatham-Kent. Section 2(1)(personal information) - information about the Complainant's utilities account qualifies as personal information. Section 32 (Disclosure) - Chatham-Kent Energy improperly disclosed the Complainant’s personal information to its Chief Executive Officer and to the Municipality of Chatham-Kent. Recommendations: 1. Chatham-Kent Energy should develop guidelines for the processing of FOI requests that are in accordance with the Act. 2. Chatham-Kent Energy should ask the Municipality of Chatham-Kent to fully delete all electronic copies of the November 6, 2007 email and to securely shred any paper copies in its possession. |
|||||
| MC10-75 AND MC11-18 | Privacy Complaint Report | Privacy Reports | En savoir plusExpand | ||
Use of complainant’s e-mail address by former City Councillor and TTC Chair to send e-mail advising that he would no longer be serving in those capacities. Issues: • Section 2(1) (personal information) – the complainant’s e-mail address qualifies as personal information. • Custody or control (City of Toronto) – the e-mail record was in the City’s custody or control. • Custody or control (TTC) – The e-mail record was in the TTC’s custody or control. • Section 31 (use) – the City’s use of the record was not in accordance with the Act. • Section 31 (use) the TTC’s use of the record was not in accordance with the Act. Recommendations: 1. The City should amend the Code of Conduct for Members of Local boards to clarify that correspondence should only be used in accordance with the Act. 2. The City should strongly encourage all current members of Council to attend a training session on access and privacy. 3. The TTC should circulate a memorandum to all of its current board members addressing the importance of protecting the privacy of the personal information contained in correspondence received from members of the public. |
|||||
| PC10-39 | Privacy Complaint Report | Privacy Reports | En savoir plusExpand | ||
• Collection of the date of birth of complainants by the Office of the Independent Police Review Director (OIPRD). • Section 2(1) (personal information) - the date of birth of OIPRD complainants qualifies as personal information. • Section 38(2) (collection) - the collection of the personal information was in accordance with the Act. |
|||||
| MC08-91 | Privacy Complaint Report | Privacy Reports | Mark Ratner | En savoir plusExpand | |
• Practices respecting the complainants’ personal information. • Section 2(1) (personal information) – the information contained in the complainants’ correspondence qualifies as personal information. • Section 2(1) (personal information) – the information described in the memorandum in question does not qualify as personal information. • Section 28(2) (collection) - the personal information in question was not “collected” under the Act. • Section 29(2) (notice) -notice of collection was not required. • Section 31 (use) - the personal information was used in accordance with the Act. • Section 32 (disclosure) - the personal information was disclosed in accordance with the Act. |
|||||
| MI10-5 | Privacy Complaint Report | Privacy Reports | Mark Ratner | En savoir plusExpand | |
Implementation of a student survey. • Section 2(1) (personal information) – the information collected through the survey qualifies as personal information. • Section 28(2) (collection) – the collection of the personal information is in accordance with section 28(2) of the Act. • Section 29(2) (notice) – the Notice of Collection satisfies the requirements under section 29(2) of the Act. • Section 31 (use) – the Board’s contemplated uses of personal information are in accordance with section 31 of the Act. • Section 32 (disclosure) – the Board’s contemplated disclosure of the personal information is in accordance with section 32 of the Act. • Section 3(1) of Regulation 823 (security) – the Board has reasonable measures in place to prevent unauthorized access to records. Recommendations: • None |
|||||
| MC10-1 | Privacy Complaint Report | Privacy Reports | Mark Ratner | En savoir plusExpand | |
• Disclosure of confidential report containing complainant’s personal information • Section 2(1) (personal information) - the report contained personal information. • Section 32 (disclosure) - the personal information was not disclosed in accordance with the Act. • Section 3(1) Regulation 823 (security) - the City had reasonable measures in place to prevent unauthorized access to the records. Recommendations: • None |
|||||
| MC10-4 | Privacy Complaint Report | Privacy Reports | Mark Ratner | En savoir plusExpand | |
• Collection of new customer information from a hydro utility. • Section 2(1) (personal information) - the information qualifies as personal information. • Section 28(2) (collection) - the collection of the personal information was not in accordance with the Act. • Section 31 (use) - the use of the personal information was not in accordance with the Act. • Section 30(4) (disposal) - the City has properly disposed of the personal information in question. Recommendations: • None |
|||||
| MC10-2 | Privacy Complaint Report | Privacy Reports | Mark Ratner | En savoir plusExpand | |
• Video Surveillance in the Mississauga Civic Centre • Section 2(1) (personal information) - the information qualifies as personal information. • Section 28(2) (collection) - the personal information was collected in accordance with the Act. • Section 29(1) (notice) - the City has provided notice of collection as required under the Act. • Section 31 (use) - the City's use of the personal information was in accordance with the Act. • Section 32 (disclosure) - the disclosure of the personal information was in accordance with the Act. • Section 3(1) of O.R. 823 (security) - the City had adequate security measures in place. • Section 5 of O.R. 823 (retention) - the City had satisfactory retention policies in place. Recommendations: • none |
|||||
| MC09-9 | Privacy Complaint Report | Privacy Reports | En savoir plusExpand | ||
• Telephone survey of residents of the Township of Wainfleet. • Section 2(1) (personal information) - the information qualifies as personal information. • Section 28(2) (collection) - the personal information was collected in accordance with the Act. • Section 29(2) (notice) - the notice requirement was only partially satisfied. • Section 3(1) of O.R. 823 (security) - the Region did not have adequate security measures in place. • Recommendation: In future, the Region should ensure that language is included in purchase authorization documents or contracts providing that all personal information is dealt with in accordance with the Act. |
|||||
| PC10-36 | Privacy Complaint Report | Privacy Reports | En savoir plusExpand | ||
• Fraudulent driver's licence address changes on the ServiceOntario website. • Section 2(1) (personal information) The records contained personal information. • Section 42 (disclosure) The disclosure of the personal information was not in accordance with the Act. • Section 4(1) of O.R. 460 (Security) MGS did not have reasonable security measures in place. • Recommendations: 1. Continue to develop long-term solutions for online authentication. 2. Develop measures to better detect and report on suspicious changes of address. |
|||||
| MC09-24 | Privacy Complaint Report | Privacy Reports | En savoir plusExpand | ||
• Disclosure of complainants' address by a by-law enforcement officer • Section 2(1) (definition of personal information) - the address was the complainants' personal information • Section 32 (disclosure) - the disclosure was in accordance with the Act. |
|||||
| MC09-56 | Privacy Complaint Report | Privacy Reports | Mark Ratner | En savoir plusExpand | |
• Information contained in a Report of the Integrity Commissioner for the City of Vaughan • Section 2(1) (definition of personal information) - the Report contained personal information. • Section 32 (disclosure) - the disclosure of the personal information was in accordance with the Act. |
|||||