Guidance

Print double-sided (flip on short edge) on legal size paper, fold on dotted lines

A form for filing a privacy complaint under the provincial or municipal Freedom of Information and Protection of Privacy Act, if you feel your personal information has been improperly collected, used or disclosed by a government organization

Privacy Complaint MC17-32

Guidelines for service providers under Part X of the Child, Youth and Family Services Act

Guidelines for service providers under Part X of the Child, Youth and Family Services Act

This publication replaces the guidance document, What to do When Faced With a Privacy Breach: Guidelines for the Health Sector.

This fact sheet provides guidance on how Ontario public institutions and health information custodians can securely destroy personal information when disposing of electronic media.

Comments from the Information and Privacy Commissioner on the proposed regulation under Part X of the Child, Youth and Family Services Act.

This guidance document outlines the key obligations of police under privacy legislation in their use of ALPR systems and provides guidance, including best practices, on using these systems in a privacy-protective manner.  It addresses the use of ALPR systems for public safety purposes, in particular for the purpose of alerting an officer in an ALPR-equipped vehicle to the...

This fact sheet answers some frequently asked questions about reasonable searches for records.

Commissioner Brian Beamish presented his submission on Bill 89, Supporting Children, Youth and Families Act, 2017 to the Standing Committee on Justice Policy on Thursday, March 30, 2017.

Commissioner Brian Beamish presented this submission to the Standing Committee on Finance and Economic Affairs on March 23, 2017.

The IPC strongly supports Open Government initiatives and encourages Ontario institutions to be more open and transparent, and to enhance their engagement with the public. This document offers guidance for institutions on how to move towards increased government transparency without negatively affecting individuals’ privacy.

PHIPA Code of Procedure

Commissioner Brian Beamish submitted comments to the Standing Committee on Social Policy on Bill 59, Schedule 2 of Bill 59, Putting Consumers First Act, 2016.

The emergence of big data as a tool to manage and analyze large and complex data sets offers great promise and opportunity, but also raises serious privacy challenges and considerations, especially to personal privacy. Public and health sector institutions increasingly use big data tools to improve programs and public services and ensure they are supported by better...

 

This submission addresses the privacy implications of the proposed Bill. The goal of our recommendations is to enhance the protection of personal health information of Ontarians.

This fact sheet highlights the important factors an institution must consider before implementing a video surveillance system.

This guidance is designed to help institutions implement better record and information management practices and enhance the public’s ability to access information.

This fact sheet explains the meaning of the term “personal information,” and answers frequently asked questions.

This fact sheet outlines what to expect when an institution contacts you about an access request, your options for appeal, and other frequently asked questions. This document is part of a series designed to keep the public and professionals up to date with the IPC’s interpretations of access and privacy laws.

Full report on the Commissioner’s investigation into the records management practices of the Toronto Organizing Committee for the 2015 Pan American and Parapan American Games (TO2015).

This fact sheet seeks to answer some of the common questions you may have about the freedom of information process. This document is part of a series designed to keep the public and professionals up to date with the IPC’s interpretations of access and privacy laws.

This fact sheet describes the risks of using email and custodians’ obligations under the Personal Health Information Protection Act. It outlines some of the technical, physical and administrative safeguards needed to protect personal health information when communicating by email and the policies, procedures and training custodians should have in place.

This guidance document provides institutions with an overview of important factors to consider when implementing Open Government including the need for institutional leadership, commitment, governance and resources to support culture change and sustain the program over time, learning from others, engaging both internal and external users, and meeting legal requirements.

This guidance paper is intended as a starting point for institutions considering Open Government and highlights two critical goals: enhancing access to government-held information and public participation.  It includes a discussion about making government-held information open by default and at little or no cost, and ways to enable a true two-way dialogue with the public.

This Fact Sheet from the IPC discusses how ransomware has become an increasingly dangerous threat to the security of electronic records and provides guidance on how public institutions and healthcare organizations can protect themselves against it.

This document highlights the key issues to consider when de-identifying personal information in the form of structured data and it provides a step-by-step process that institutions can follow when removing personal information from data sets.

This document was developed to help Ontario’s public institutions manage the use of instant messaging and personal email accounts when doing business. All public servants should be aware records relating to an institution’s business that are created, sent or received through instant messaging or personal email accounts are subject to Ontario’s access and privacy laws. The...

Submission to the Ministry of Community Safety and Correctional Services on its Strategy for a Safer Ontario

Our office is sometimes required to decide access to information appeals relating to requests for records held by municipal councillors. Unfortunately, the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) does not expressly refer to records of municipal councillors.

Submission of the Information and Privacy Commissioner of Ontario to the Standing Committee on Justice Policy on Bill 119: The Health Information Protection Act, 2015.

The IPC has prepared this new guidance document, Thinking About Clouds? Privacy, security and compliance considerations for Ontario public sector institutions, to help institutions evaluate whether cloud computing services are suitable for their information management needs. In particular, it seeks to raise awareness of the risks associated with using cloud computing services...

Common misunderstandings about privacy are frequently cited as reasons for not sharing information with a children’s aid society (CAS) about a child who may be at risk. In fact, Ontario law permits professionals working with children to share this information. To help professionals understand that privacy is not a barrier to disclosing this important information, the IPC...

Bill 8, the Public Sector and MPP Accountability and Transparency Act, 2014, will come into effect on January 1, 2016.

Letter and submission from the IPC to the the Honourable Yasir Naqvi, Minister of Community Safety and Correctional Services, the Commissioner offers recommendations on the draft regulation proposed on October 28, 2015, which seeks to regulate the practice of police street checks across the province.

Submission from the IPC to the the Honourable Yasir Naqvi, Minister of Community Safety and Correctional Services, the Commissioner offers recommendations on the draft regulation proposed on October 28, 2015, which seeks to regulate the practice of police street checks across the province.

Use this Workbook and Guide as a “how to” tool to complete the statistical report for the Information and Privacy Commissioner/Ontario about requests made under the Personal Health Information Protection Act, 2004 (PHIPA).

This workbook and guide is designed to provide step-by-step instructions for the completion of the Information and Privacy Commissioner’s (IPC) Year-End Statistical Report as required by the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA).

This workbook and guide is designed to provide step-by-step instructions for the completion of the Information and Privacy Commissioner’s (IPC) Year-End Statistical Report as required by the Freedom of Information and Protection of Privacy Act (FIPPA).

This revised FAQ has a new look and feel and has been rewritten with cleaner, easy to understand, gender-neutral language. Also included are a few additions to the original publication:

Our frequently asked questions on health cards and health numbers clarify who may collect, use or disclose health numbers for health care purposes, as well as the use of health cards as a proof of identity. The guidance covers: Who may require individuals to produce their health cards? Who may collect, use or disclose health numbers and under what circumstances? ...

Many institutions turn to video surveillance to help them fulfil their obligations to protect the safety of individuals and the security of their equipment and property. Video footage captured by cameras is regularly used to assist in the investigation of wrongdoing. However, the use of these surveillance technologies can put individuals’ privacy at risk. Therefore, it is...

Proactive disclosure of procurement records strengthens clarity and accountability around government spending. It can also provide tangible benefits to institutions by reducing the number of procurement-related freedom of information requests, appeals and associated costs.

This document was thoroughly reviewed and updated in August, 2015, introducing clear and easy to understand gender-neutral language. Updated: August 2015

Municipalities are turning to the Internet as a means of making information public in an effort to improve accessibility, transparency and accountability. This may include publishing records directly to their website or including records in searchable databases that can be accessed online. Publishing materials online is an effective means of ensuring that the public has access...

Ontario public sector institutions must meet high standards of care and trust whenever collecting, using and disclosing personal and other sensitive information. Any public institution considering new information technologies, systems, and program services that may affect privacy are strongly encouraged to complete a privacy impact assessment (PIA).

 

This guidance document aims to identify some of the privacy considerations law enforcement authorities should take into account when deciding whether to outfit law enforcement officers with body-worn cameras. Published by the federal Privacy Commissioner and privacy and personal information protection Ombudspersons and Commissioners in all provinces and territories, the...

Unauthorized access continues to be a growing problem in the health sector in Ontario. The province’s Personal Health Information Protection Act, (PHIPA), permits health information custodians (HIC) to collect, use and disclose personal health information for the purposes of providing or assisting in the provision of health care based on implied or assumed implied consent but...

There are many myths surrounding how information may be collected, used and disclosed under the Personal Health Information Protection Act. Working with our partners in the health care community, we have created this one-page document to dispel some of the more common myths.

In Order HO-011, the Information and Privacy Commissioner of Ontario (IPC) ordered Cancer Care Ontario to discontinue its practice of transferring records of personal health information relating to its colon cancer screening program in paper format, after several courier packages containing the personal health information of over 7,000 individuals were lost. Cancer Care Ontario...

Practical information about identity theft, how to avoid it, and what to do if you find you are a victim.

Other Resources: Grade 11/12 Fact Sheet

The purpose of this Fact Sheet is to provide organizations that are defined as both health information custodians under the Personal Health Information Protection Act (PHIPA) and institutions under public sector privacy and access to information legislation, namely the provincial Freedom of Information and Protection of Privacy Act (FIPPA) or its municipal counterpart the...

Other Resources: Grade 10 Fact Sheet

The Office of the Information and Privacy Commissioner, in Order HO-004 and Order HO-007, required that health information be safeguarded at all times, specifically by ensuring that any personal health information stored on any mobile devices (e.g., laptops, memory sticks, PDAs) be strongly encrypted.This Fact Sheet paper provides a working definition of strong encryption and...

The purpose of the Manual For The Review and Approval of Prescribed Persons and Prescribed Entities is to outline the new process that will be followed by the Information and Privacy Commissioner of Ontario, commencing on January 31, 2010, in reviewing the practices and procedures implemented by prescribed persons and prescribed entities to protect the privacy of individuals...

Health information custodians frequently rely on de-identification when using or disclosing health information – a measure that can protect individual privacy, but often at the expense of data quality (zero-sum paradigm). Dr. Khaled El Emam, a senior investigator at the Children’s Hospital of Eastern Ontario Research Institute (CHEO), has resolved this dilemma through the...

This is joint publication between Commissioner, Dr. Ann Cavoukian and Robert Johnson, Executive Director of the National Association for Information Destruction (NAID). This publication was borne out of a particular Health Order (HO-006) which Commissioner Cavoukian issued this past summer regarding records containing personal health information being found scattered on...

This paper is a chronicle describing the IPC’s work to enhance awareness about the privacy challenges youth face on the Internet.

Your Rights under Ontario’s Freedom of Information Laws

RFID and Privacy: Guidance for Health-Care Providers. RFID technology can help save lives – and preserve privacy.

Social networking websites such as Facebook are now so popular that they are being used by employers to screen prospects. Information you post on your profile for the amusement of you and your friends may, therefore, be viewed in a different light. This short paper cautions users of these sites about this growing trend in use of these sites and offers tips on how to reduce the...

A brochure outlining suggested best practices for securing mobile devices (PDAs, laptops, etc.) and protecting the information carried out of the workplace on them. Steps are organized into sections: Before you Walk out of the Workplace, While you are Out and When You have Completed Your Work. Includes a checklist and list of IPC resources. Revised: May 2014

Fact Sheet about the use of wireless CCTV cameras.

This document assists organizations in making key decisions about notifying individuals after a privacy breach occurs by presenting checklists covering factors affecting whether to notify, when and how to notify, what to include in a notification and other organizations that should be contacted. The document was produced jointly by the Office of the Information and Privacy...

Practice Direction #1 – Providing records to the IPC during an appeal

Practice Direction #10 – Appeal fees

Revised February 2012

Information on how to file an access to information request under FIPPA or MFIPPA.

A generic request form for filing a request to correct your personal health information held by a health information custodian. This request form should be submitted directly to the health information custodian.

This guide focuses on introducing students to the importance of the public values of access to government-held information and personal privacy.

A form to be signed by an appellant who is represented by someone other than a lawyer in an appeal relating to a request for general information or for the appellant’s personal information/correction of personal information.

A form to be signed by a complainant who is represented by someone other than a lawyer.

Short Notices to the Public under the Personal Health Information Protection Act

Short Notices to the Public under the Personal Health Information Protection Act

Short Notices to the Public under the Personal Health Information Protection Act

Short Notices to the Public under the Personal Health Information Protection Act

Short Notices to the Public under the Personal Health Information Protection Act

Short Notices to the Public under the Personal Health Information Protection Act

Revised October 2012

Revised Sept. 2014.

A generic request form for filing a request for access to your personal health information held by a health information custodian. This request form should be submitted directly to the health information custodian.

This brochure provides information on complaints about access or correction of personal health information under PHIPA.

This brochure provides information about collection, use, disclosure and other complaints under PHIPA.

This guide is a tool to help health information custodians understand their rights and obligations under the Personal Health Information Protection Act, (PHIPA).

[Revised February 2019]

The brochure explains the IPC’s outreach program to schools in Ontario, specifically for grades 11/12

Program focuses on introducing students to the importance of the public values of access to government-held information and personal privacy. Expanded program for Grade 11/12.

A form for filing an appeal of a decision by a government organization relating to a request made under the provincial or municipal Freedom of Information and Protection of Privacy Act.

A Joint Project of the Office of the Information and Privacy Commissioner of Ontario and the Ministry of the Attorney General.

Tip sheet for government organizations on handling information

Tip sheet for government organizations on handling information.

A form that should be used by institutions when responding to a request under the provincial or municipal Act or providing information to the IPC during the course of an appeal. It is a listing of all of the enclosed records being released by the institution.

Tip sheet for government organizations on handling information

Tip sheet for government insitutions on handling information.

A generic request form for filing a request for information held by a government organization or to request a correction of your personal information held by a government organization.

A form to be signed by a complainant who is represented by someone other than a lawyer in a privacy complaint.

The PDT is an instrument that uses a series of questions to give businesses a ‘read’ on how well they manage their customers’ personal information. The PDT uses internationally recognized fair information practices as its basis.

Provides best practices and tips to assist government organizations in developing policies that address the privacy obligations of employees who are working in locations outside the traditional office setting.

An educative tool designed to help companies identify and implement appropriate practices for protecting the privacy of their online customers.

Consumer information regarding appeals of a decision made to an access request under FIPPA or MFIPPA.

A quick overview of the key points of the provincial Act. [Revised July 2014]

Each provincial and municipal government organization has a Co-ordinator. This Backgrounder looks at the critically important role that Co-ordinators play.

The brochure explains the IPC’s outreach program to schools in Ontario, specifically for grade 5

Tip sheet for government organizations on handling information.

Tip sheet for government organizations on handling personal information with regards to social insurance numbers.

Tip sheet for government institutions on information management.

Tip sheet for government organizations on information management.

Tip sheet for government institutions on handling personal information. Revised July, 2009.

A quick overview of the key points of the municipal Act. [Revised July 2014]

Provides a template designed for insertion into contracts drawn up when a government function is transferred over to the private sector. The model contract will provide assurances to the public that their personal information will be kept secure and their right to privacy preserved when government functions are transferred over to the private sector.

Municipal Guidelines on Applications to the Office of the Information and Privacy Commissioner/Ontario for Authorization of Indirect Collection by Institutions Covered Under the Municipal Freedom of Information and Protection of Privacy Act.

Provincial Guidelines on Applications to the Office of the Information and Privacy Commissioner/Ontario for Authorization of Indirect Collection by Institutions Covered Under the Freedom of Information and Protection of Privacy Act.