Guidance for Organizations

The Office of the Information and Privacy Commissioner publishes guidance documents to promote compliance with Ontario’s access and privacy laws.

New materials are posted on an ongoing basis. If you are looking for a guidance on a topic that is not listed here, please contact us.

This post is also available in: French

Title / Description Topic Type Date

Protect Against Phishing

This post is also available in: French

Privacy And Transparency In A Modern Government | Technology And Security Fact Sheets Jul 04 2019

Lesson Plan: Privacy Rights of Children and Teens

This post is also available in: French

Children And Youth In A Digital World | Personal Information | Privacy | Technology And Security | Youth Educational Material Jun 18 2018

Lesson Plan: Know the Deal: The Value of Privacy

This post is also available in: French

Children And Youth In A Digital World | Personal Information | Privacy | Technology And Security | Youth Educational Material Jun 18 2018

Lesson Plan: Getting the Toothpaste Back into the Tube: A Lesson on Online Information

This post is also available in: French

Children And Youth In A Digital World | Personal Information | Privacy | Technology And Security | Youth Educational Material Jun 18 2018

Smart Cities and Your Privacy Rights

This post is also available in: French

Privacy | Privacy And Transparency In A Modern Government | Technology And Security Fact Sheets Apr 27 2018

Joint Federal Provincial Territorial Letter to Minister of Infrastructure and Communities on Smart Cities Challenge

This post is also available in: French

Privacy | Privacy And Transparency In A Modern Government | Technology And Security Letters Apr 26 2018

Disposing of Your Electronic Media

This fact sheet provides guidance on how Ontario public institutions and health information custodians can securely destroy personal information when disposing of electronic media.

Information Management | Privacy And Transparency In A Modern Government | Technology And Security Best Practices | Fact Sheets Mar 06 2018

Joint Federal Provincial Territorial Letter to Council of Ministers of Education on the Importance of Privacy Education

This post is also available in: French

Children And Youth In A Digital World | Privacy | Technology And Security | Youth Letters Nov 08 2017

Guidance on the Use of Automated Licence Plate Recognition Systems by Police Services

This guidance document outlines the key obligations of police under privacy legislation in their use of ALPR systems and provides guidance, including best practices, on using these systems in a privacy-protective manner.  It addresses the use of ALPR systems for public safety purposes, in particular for the purpose of alerting an officer in an ALPR-equipped vehicle to the...

Law Enforcement/policing | Privacy | Technology And Security Best Practices | Papers | Professional Guidelines Jul 04 2017

Fact Sheet: Video Surveillance

This fact sheet highlights the important factors an institution must consider before implementing a video surveillance system.

Privacy | Privacy And Transparency In A Modern Government | Surveillance | Technology And Security Best Practices | Fact Sheets | Professional Guidelines Nov 09 2016

Fact Sheet: Communicating Personal Health Information by Email

This fact sheet describes the risks of using email and custodians’ obligations under the Personal Health Information Protection Act. It outlines some of the technical, physical and administrative safeguards needed to protect personal health information when communicating by email and the policies, procedures and training custodians should have in place.

Health | Technology And Security | Trust In Digital Health Best Practices | Fact Sheets | Professional Guidelines Sep 15 2016

Thinking About Clouds? Privacy, security and compliance considerations for Ontario public sector institutions

The IPC has prepared this new guidance document, Thinking About Clouds? Privacy, security and compliance considerations for Ontario public sector institutions, to help institutions evaluate whether cloud computing services are suitable for their information management needs. In particular, it seeks to raise awareness of the risks associated with using cloud computing...

Privacy | Privacy And Transparency In A Modern Government | Technology And Security Feb 20 2016

Transparency, Privacy and the Internet: Municipal Balancing Acts

Municipalities are turning to the Internet as a means of making information public in an effort to improve accessibility, transparency and accountability. This may include publishing records directly to their website or including records in searchable databases that can be accessed online. Publishing materials online is an effective means of ensuring that the public has...

Legislation | Privacy | Privacy And Transparency In A Modern Government | Technology And Security Papers | Professional Guidelines Aug 04 2015

Planning for Success: Privacy Impact Assessment Guide

Ontario public sector institutions must meet high standards of care and trust whenever collecting, using and disclosing personal and other sensitive information. Any public institution considering new information technologies, systems, and program services that may affect privacy are strongly encouraged to complete a privacy impact assessment...

Access | Information Management | Privacy | Technology And Security Professional Guidelines May 19 2015

De-identification Protocols: Essential for Protecting Privacy

Information is becoming far more valuable as businesses seek to learn more about their customers and those of their competitors, and as advertisers seek to gain a competitive advantage by finding new and innovative ways to use information to target advertisements that are most relevant to their consumers.

Information Management | Privacy | Privacy And Transparency In A Modern Government | Technology And Security Papers | Professional Guidelines Jun 25 2014

Freedom and Control: Engineering a New Paradigm for the Digital World

Privacy and cybersecurity professionals, creators of digital property, and countless policy-makers have spent decades fighting to civilize the digital world, but they have lacked the most fundamental tool they need to succeed, namely — information systems engineering that enables true control of digital data.

It is now possible to change the paradigm of the...

Information Management | Privacy | Technology And Security Papers May 08 2014

A Primer on Metadata: Separating Fact from Fiction

Since the recent revelations of the NSA’s sweeping surveillance of the public’s metadata, the term “metadata” has been regularly used in the media, frequently without any explanation of its meaning. Metadata’s reach can be extensive – including information that reveals the time and duration of a communication, the particular devices used, email addresses, or...

Information Management | Technology And Security Papers Jul 17 2013

Privacy and Drones: Unmanned Aerial Vehicles

Unmanned Aerial Vehicles (UAV) present unique challenges due to their ability to use a variety of sensors to gather information from unique vantage points – often for long periods and on a continuous basis. The prospect of having our every move monitored, and possibly recorded, raises profound civil liberty and privacy concerns. At the same time, there are many desirable...

Privacy | Technology And Security Papers Aug 16 2012

Fact Sheet #18 – Secure Transfer of Personal Health Information

In Order HO-011, the Information and Privacy Commissioner of Ontario (IPC) ordered Cancer Care Ontario to discontinue its practice of transferring records of personal health information relating to its colon cancer screening program in paper format, after several courier packages containing the personal health information of over 7,000 individuals were lost. Cancer Care...

Health | Information Management | Privacy | Technology And Security Aug 01 2012

Identity Theft: A Crime of Opportunity

Practical information about identity theft, how to avoid it, and what to do if you find you are a victim.

Privacy | Technology And Security Brochures Jul 17 2012

Mobile Near Field Communications (NFC) “Tap ‘n Go” – Keep it Secure and Private

This paper examines Near Field Communications (NFC) technologies and their growing deployment in mobile devices. Four consumer use cases illustrate NFC functionalities and benefits. Privacy and security risks are identified, and solutions are offered for NFC mobile device and application developers that are informed by the Privacy by Design Foundational Principles. ...

Privacy | Technology And Security Papers Nov 28 2011

Fact Sheet #16 – Health-Care Requirement for Strong Encryption

The Office of the Information and Privacy Commissioner, in Order HO-004 and Order HO-007, required that health information be safeguarded at all times, specifically by ensuring that any personal health information stored on any mobile devices (e.g., laptops, memory sticks, PDAs) be strongly encrypted.This Fact Sheet paper provides a working definition of strong encryption...

Health | Privacy | Technology And Security Educational Material | Fact Sheets Jul 16 2010

Adding an On/Off Device to Activate the RFID in Enhanced Driver’s Licences: Pioneering a Made-in-Ontario Transformative Technology that Delivers Both Privacy and Security

This discussion paper describes the IPC’s work in toward the implementation of an on/off device allowing holders of an Enhanced Drivers Licence (EDL) to prevent the Radio Frequency Identification (RFID) from being read by unauthorized third parties and disengage the RFID when not required for border-crossing purposes

Privacy | Technology And Security Papers Mar 19 2009

Reference Check: Is Your Boss Watching? The New World of Social Media: Privacy and Your Facebook Profile

Social networking websites such as Facebook are now so popular that they are being used by employers to screen prospects. Information you post on your profile for the amusement of you and your friends may, therefore, be viewed in a different light. This short paper cautions users of these sites about this growing trend in use of these sites and offers tips on how to reduce...

Privacy | Technology And Security Oct 24 2007

Safeguarding Privacy on Mobile Devices

A brochure outlining suggested best practices for securing mobile devices (PDAs, laptops, etc.) and protecting the information carried out of the workplace on them. Steps are organized into sections: Before you Walk out of the Workplace, While you are Out and When You have Completed Your Work. Includes a checklist and list of IPC resources. Revised: May 2014 ...

Privacy | Technology And Security Jun 14 2007

Fact Sheet #13 – Wireless Communications Technologies: Video Surveillance Systems

Fact Sheet about the use of wireless CCTV cameras.

Privacy | Surveillance | Technology And Security Fact Sheets Jun 07 2007

The Security-Privacy Paradox: Issues, Misconceptions and Strategies

This joint paper produced by IPC Ontario and Deloitte & Touche provides hands-on advice for developing strategies for information security and privacy protection.

Privacy | Surveillance | Technology And Security Papers Aug 01 2003

Guidelines on Facsimile Transmission Security

This updated paper sets out guidelines for government institutions to consider when developing systems and procedures to maintain the confidentiality and integrity of information transmitted by fax.

Privacy | Technology And Security Best Practices | Papers | Professional Guidelines Jan 01 2003

Best Practices for Online Privacy Protection

An educative tool designed to help companies identify and implement appropriate practices for protecting the privacy of their online customers.

Privacy | Technology And Security Best Practices | Professional Guidelines Jun 01 2001