Guidance for Organizations

This post is also available in: French

This post is also available in: French

This post is also available in: French

This post is also available in: French

This post is also available in: French

This post is also available in: French

This fact sheet provides guidance on how Ontario public institutions and health information custodians can securely destroy personal information when disposing of electronic media.

This post is also available in: French

This guidance document outlines the key obligations of police under privacy legislation in their use of ALPR systems and provides guidance, including best practices, on using these systems in a privacy-protective manner.  It addresses the use of ALPR systems for public safety purposes, in particular for the purpose of alerting an officer in an ALPR-equipped vehicle to the...

This fact sheet highlights the important factors an institution must consider before implementing a video surveillance system.

This fact sheet describes the risks of using email and custodians’ obligations under the Personal Health Information Protection Act. It outlines some of the technical, physical and administrative safeguards needed to protect personal health information when communicating by email and the policies, procedures and training custodians should have in place.

The IPC has prepared this new guidance document, Thinking About Clouds? Privacy, security and compliance considerations for Ontario public sector institutions, to help institutions evaluate whether cloud computing services are suitable for their information management needs. In particular, it seeks to raise awareness of the risks associated with using cloud computing...

Municipalities are turning to the Internet as a means of making information public in an effort to improve accessibility, transparency and accountability. This may include publishing records directly to their website or including records in searchable databases that can be accessed online. Publishing materials online is an effective means of ensuring that the public has...

Ontario public sector institutions must meet high standards of care and trust whenever collecting, using and disclosing personal and other sensitive information. Any public institution considering new information technologies, systems, and program services that may affect privacy are strongly encouraged to complete a privacy impact assessment...

Information is becoming far more valuable as businesses seek to learn more about their customers and those of their competitors, and as advertisers seek to gain a competitive advantage by finding new and innovative ways to use information to target advertisements that are most relevant to their consumers.

Privacy and cybersecurity professionals, creators of digital property, and countless policy-makers have spent decades fighting to civilize the digital world, but they have lacked the most fundamental tool they need to succeed, namely — information systems engineering that enables true control of digital data.

It is now possible to change the paradigm of the...

Since the recent revelations of the NSA’s sweeping surveillance of the public’s metadata, the term “metadata” has been regularly used in the media, frequently without any explanation of its meaning. Metadata’s reach can be extensive – including information that reveals the time and duration of a communication, the particular devices used, email addresses, or...

Unmanned Aerial Vehicles (UAV) present unique challenges due to their ability to use a variety of sensors to gather information from unique vantage points – often for long periods and on a continuous basis. The prospect of having our every move monitored, and possibly recorded, raises profound civil liberty and privacy concerns. At the same time, there are many desirable...

In Order HO-011, the Information and Privacy Commissioner of Ontario (IPC) ordered Cancer Care Ontario to discontinue its practice of transferring records of personal health information relating to its colon cancer screening program in paper format, after several courier packages containing the personal health information of over 7,000 individuals were lost. Cancer Care...

Practical information about identity theft, how to avoid it, and what to do if you find you are a victim.

This paper examines Near Field Communications (NFC) technologies and their growing deployment in mobile devices. Four consumer use cases illustrate NFC functionalities and benefits. Privacy and security risks are identified, and solutions are offered for NFC mobile device and application developers that are informed by the Privacy by Design Foundational Principles. ...

The Office of the Information and Privacy Commissioner, in Order HO-004 and Order HO-007, required that health information be safeguarded at all times, specifically by ensuring that any personal health information stored on any mobile devices (e.g., laptops, memory sticks, PDAs) be strongly encrypted.This Fact Sheet paper provides a working definition of strong encryption...

This discussion paper describes the IPC’s work in toward the implementation of an on/off device allowing holders of an Enhanced Drivers Licence (EDL) to prevent the Radio Frequency Identification (RFID) from being read by unauthorized third parties and disengage the RFID when not required for border-crossing purposes

Social networking websites such as Facebook are now so popular that they are being used by employers to screen prospects. Information you post on your profile for the amusement of you and your friends may, therefore, be viewed in a different light. This short paper cautions users of these sites about this growing trend in use of these sites and offers tips on how to reduce...

A brochure outlining suggested best practices for securing mobile devices (PDAs, laptops, etc.) and protecting the information carried out of the workplace on them. Steps are organized into sections: Before you Walk out of the Workplace, While you are Out and When You have Completed Your Work. Includes a checklist and list of IPC resources. Revised: May 2014 ...

Fact Sheet about the use of wireless CCTV cameras.

This joint paper produced by IPC Ontario and Deloitte & Touche provides hands-on advice for developing strategies for information security and privacy protection.

This updated paper sets out guidelines for government institutions to consider when developing systems and procedures to maintain the confidentiality and integrity of information transmitted by fax.

An educative tool designed to help companies identify and implement appropriate practices for protecting the privacy of their online customers.