Ontario’s Information and Privacy Commissioner Calls for Privacy Regulation and Oversight of Province’s Political Parties

TORONTO, ON (June 14, 2018) – In his 2017 Annual Report, Thirty Years of Access and Privacy Service, Ontario’s Information and Privacy Commissioner, Brian Beamish, is calling for a number of legislative changes to enhance both access to information and protection of privacy in Ontario. One proposed recommendation is to expand the Commissioner’s oversight to include Ontario’s political parties.

Recent events have illuminated how political parties collect and use personal information to target individuals in specific and unique ways for political gain. Digital tools amass extensive amounts of personal information from diverse sources, frequently without the knowledge or consent of the individual.  These increasingly sophisticated big data practices raise new privacy and ethical concerns and the need for greater transparency is evident.

Personal information held by political parties can also be vulnerable to cybersecurity threats and privacy breaches.  Given that political parties operate outside of privacy laws, there is little recourse for those impacted by a privacy breach.  Subjecting Ontario’s political parties to privacy regulation and oversight will help to address the privacy, ethical and security risks associated with how political parties collect and use personal information.

“Each expansion of the IPC’s mandate over the past 30 years has brought greater access to information, more government transparency and increased privacy rights for Ontarians. Updating our access and privacy laws is long overdue and necessary if they are to remain relevant and in line with the information age. The IPC is ready to work with institutions and assist wherever we can – together, we can help to ensure that Ontarians’ access and privacy rights are strongly protected well into the future.”

~ Brian Beamish, Information and Privacy Commissioner of Ontario

This recommendation is one of several tabled by the Commissioner in his annual report. Further recommendations include:

  • Enact Legislation that Provides a Strong, Government-Wide Big Data Framework – Ontario’s access and privacy laws were drafted 30 years ago and are poised for a legislative fix. The Commissioner continues to urge the government to bring these laws in line with modern technology and information-sharing practices and to include a consistent, privacy-protective framework for big data and data integration.
  • Ensure Smart City Initiatives are Privacy Protective – Smart cities have the potential to improve many aspects of our lives; however, communities must recognize the corresponding privacy concerns. The Commissioner strongly recommends communities carry out thorough privacy impact assessments to identify and address the privacy risks associated with these projects.
  • Implement MOU for police services who adopt the use of the Philadelphia Model –The Commissioner strongly encourages police services across the province who adopt the use of the Philadelphia Model to put in place a privacy-protective framework.
  • Amend Ontario’s Access Laws to Affirm IPC’s Power to Compel the Production of Records –

Once again, the Commissioner is calling on the Ontario government to amend FIPPA and MFIPPA to clarify and affirm the IPC’s power to compel records, including those subject to a claim of solicitor-client privilege, and that providing records to the IPC does not constitute a waiver of this privilege.

The Commissioner’s full recommendations, the year in review and comprehensive statistics including freedom of information requests, compliance rates, appeals and privacy complaints are available in the IPC 2017 Annual Report, Thirty Years of Access and Privacy Service.  The report also includes a special anniversary retrospective, highlighting the IPC’s 30-year legacy.

Media Contact: