Protecting personal information

Privacy breaches happen when personal information is collected, retained, used or disclosed in ways that don’t follow the rules set out in the Freedom of Information and Protection of Privacy Act (FIPPA) and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and Part X of the Child, Youth and Family Services Act (CYFSA).

If a person believes that a provincial or municipal government institution or a child and family service provider has failed to comply with one or more of the acts, and that their privacy has been compromised as a result, they can file a complaint with our office.

If the IPC learns of a possible privacy breach, we can initiate a complaint without an individual complainant. We will investigate to see if there was a privacy breach, make recommendations and help the institution take whatever steps are necessary to prevent future breaches.

 

DEVELOPING A PRIVACY PROGRAM

Whether you work for a small rural municipality or a large provincial ministry with thousands of employees or a children’s aid society, you must develop a privacy program. The principles are the same, regardless of the size of your institution. To develop a good privacy program, you must:

  • Appoint a privacy officer, who will lead the development of the privacy program and be responsible for its implementation and day-to-day operation.
  • Build a framework for the program that describes who are your stakeholders and what personal information will be collected, used, retained, disclosed, secured and disposed of by your institution.
  • Identify any requirements under the FIPPAMFIPPA or Part X of the CYFSA and any potential risks and impacts on privacy.
  • Identify how you will reduce or eliminate any privacy risks and how you will address them if they happen.
  • Ensure approval and buy-in from all senior leadership in your institution.

Review the full list of IPC guidance documents.

This post is also available in: French