The summer of 2017 went by fast at the IPC! As we were busy conducting our normal activities, we were also preparing guidance for health care providers on the important amendments to Ontario’s health privacy law.
Some of the amendments to the Personal Health Information Protection Act (PHIPA) were proclaimed earlier this year, but soon the mandatory breach reporting provisions will come into force. As of October 1, it will be mandatory for health information custodians, such as hospitals, medical clinics, long-term care facilities and other similar institutions, to report certain privacy breaches to my office. Of course, PHIPA continues to require health care providers to notify patients if their privacy has been breached; this has been the rule since PHIPA became law in 2004.
To help health care providers understand the new requirements under PHIPA, we published helpful guidelines, Mandatory PHIPA breach reporting, and we updated our website to include the PHIPA Regulation and a practical Breach Reporting Form.
New Publications/Fact Sheets
As part of our role to educate the public on access and privacy issues under the Freedom of Information and Protection of Privacy Act (FIPPA) and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), we regularly publish informative fact sheets that cover aspects of these laws.
We recently released Frivolous and Vexatious Requests, a fact sheet that explains what a frivolous or vexatious request is and what a requester can do if an institution claims their freedom of information request is frivolous or vexatious.
September 25 to 29 is Right to Know Week, celebrated around the world in an effort to raise awareness about people’s right to access government information, which is an important element of democracy and good governance. To launch the week, we’ll have a booth at Toronto’s Word on the Street festival on Sunday, September 24. I hope you will drop by to pick up resources or ask your question!
Also during Right to Know Week, we will be releasing a webinar video examining the relationship between Records Information Management (RIM) and Ontario’s access and privacy laws. I encourage you to watch to learn about topics such as retention schedules, secure destruction, using personal email to conduct public business and duty to document.
This just in September 26!
I am currently at the 39th International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Hong Kong. Today, the winning entries were announced for the inaugural ICDPPC Global Privacy and Data Protection Awards, and I am pleased to share the great news that our De-identification Guidelines for Structured Data entry won in the research category. The awards attracted 90 entries from data protection and privacy authorities around the world.
Our guidelines are the first of their kind in Canada to use plain language to explain sophisticated de-identification concepts and technical processes, with the benefit of being useful to a very wide audience. To have our efforts recognized on the global stage is especially gratifying. I was honoured to accept the award on behalf of the IPC.
This is just a quick overview of our most recent work. I’ll have further news in the next few months especially with regard to our mandate, which will soon expand to include children’s aid societies and other agencies that support children and youth.
Reach out to Us
I place great importance on working collaboratively with our stakeholders and ensuring Ontarians know their rights when it comes to freedom of information and privacy.
This post is also available in: French