Role and Mandate

The IPC was established in 1988 with oversight of the Freedom of Information and Protection of Privacy Act (FIPPA). That oversight was expanded to the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) in 1991 and the Personal Health Information Protection Act (PHIPA) in 2004.

FIPPA applies to provincial ministries, most provincial agencies, boards and commissions, as well as to universities and colleges, while MFIPPA covers municipal institutions such as municipalities, police, library, health and school boards, and transit commissions. PHIPA regulates the collection, use and disclosure of personal health information within Ontario’s health-care system.

Together, these three acts establish the rules for how Ontario’s public institutions and health care providers may collect, use, and disclose personal information. The acts also provide the public with a right of access to government-held information and access to their own personal information while ensuring that any personal information held by public institutions and health care providers will remain private and secure from unauthorized access.

The IPC plays a crucial role overseeing these acts and serves both the government and public through the following mandate:

• resolve appeals when there is a refusal to grant access to information
• investigate privacy complaints related to personal information
• ensure compliance with the acts
• review privacy policies and information practices
• conduct research on access and privacy issues and provide comment on proposed government legislation and programs
• reach out and educate the public, media and other stakeholders about Ontario’s access and privacy laws and current issues affecting access and privacy

The Commissioner is an officer of the Legislature who is appointed by and reports to the Legislative Assembly of Ontario, and is independent of the government of the day.