Our goal is to advance Ontarians’ privacy and access rights by working with public institutions to develop bedrock principles and comprehensive governance frameworks for the responsible and accountable deployment of digital technologies.
Ontario’s freedom of information law is based on the principle that every individual has a right to access government information. This right exists to ensure the public has the information it needs to participate meaningfully in the democratic process, and that politicians and bureaucrats remain accountable to the public.
There are, understandably, some necessary exceptions to the law. Those exceptions, written into the Freedom of Information and Protection of Privacy Act as “exemptions,” are designed to strike a balance between Ontarians’ fundamental right to know and the privacy and safety of individuals. They are also meant to be limited and specific. Labour relations, solicitor-client, and certain law enforcement records are examples of information that may be exempt from disclosure. The law also allows (rightly so) for the Premier and his cabinet to engage in free discussion of sensitive issues, in private. As such, cabinet documents cannot be disclosed if they reveal the substance of deliberations of the Executive Council or its committees.
Order PO-3973, which I issued on July 15, dealt with a request for the mandate letters sent by Premier Ford to all Ontario government ministers. Cabinet Office denied access to the letters based on the premise that, as cabinet documents, they are automatically exempt from disclosure. Mandate letters have become common across Canada as a means to provide direction to ministers of incoming governments. They are frequently made public.
After reviewing the mandate letters, I determined that they do not reveal government deliberations, the substance of any meetings, discussions, or any other options considered by the Premier’s Office. That is why I found that the exemption did not apply, and in Order PO-3973, I directed Cabinet Office to disclose the letters by August 16.
The purpose of our freedom of information law is to support the public’s ‘right to know.’ Unless government records are exempt, they should be disclosed to the public. In this case, the mandate letters do not qualify for exemption as cabinet documents. I ordered their release because Ontarians have a right to know what the government’s policy priorities are.
On August 14, my office received notice that the government intends to challenge my decision in court and prevent the release of the letters. Because it is now subject to a judicial review, I will not comment further on Order PO-3973, except to say that I stand by my decision, and hope to see a swift resolution.
There’s a new sensor on the block. Or at least there could be, if you’re living in the urban jungle of a smart city.
For those not familiar with it, smart city is a term to describe a community that uses connected technologies to collect and analyze data to improve services for citizens. An example could be energy conservation sensors that dim the streetlights when no pedestrians or cars are around. Or a real-time parking app that maps out where the nearest available public parking spot can be found.
The possibilities of smart city projects may seem endless, but the need for strong privacy protections must be a constant. This was the message our office and privacy protection authorities from across the country recently delivered to the minister in charge of the Government of Canada’s Smart Cities Challenge. The challenge invites communities from across Canada to submit proposals for projects and compete for funding to make their smart city dreams a reality.
It’s very exciting stuff, but it’s important that we don’t get too carried away. While evidence-based decision-making has the potential to move us forward, personal privacy rights cannot be an afterthought. Smart city technologies can collect, use and generate large amounts of data. Without strong safeguards in place, this could include sensitive personal information. This information could be used to track people as they go about their daily activities or fall into unscrupulous hands as the result of a cyberattack.
The aim of the letter is to engage in conversation with the minister’s office about the privacy risks associated with smart city initiatives and to raise awareness about what can be done to mitigate those risks. We also want to ensure that if financial support is provided for smart city proposals, it is limited to those that will be carried out in a privacy-protective way. To help achieve this, Canada’s access and privacy offices have also collectively offered to support the development of selection criteria and the evaluation of project scoring in this area.
Some municipalities are already implementing smart city technologies, highlighting the need for leadership in ensuring the protection of privacy rights. Our office will continue to engage on this very important issue in the months ahead.
This fact sheet provides guidance on how Ontario public institutions and health information custodians can securely destroy personal information when disposing of electronic media.
The IPC strongly supports Open Government initiatives and encourages Ontario institutions to be more open and transparent, and to enhance their engagement with the public. Without appropriate measures, however, institutions could face the following risks:
personal information may be published without authority
individuals may be re-identified by combining published de-identified data or other information
more personal information is collected, used or disclosed than is necessary
personal information may be used for unrelated purposes (for example, data profiling and mining)
Privacy is not a barrier to accomplishing the goals of Open Government as long as the appropriate protections are in place. Today we are issuing Open Government and Protecting Privacy to offer guidance for institutions on how to move towards increased government transparency without negatively affecting individuals’ privacy.
The IPC strongly supports Open Government initiatives and encourages Ontario institutions to be more open and transparent, and to enhance their engagement with the public. This document offers guidance for institutions on how to move towards increased government transparency without negatively affecting individuals’ privacy.
Commissioner Brian Beamish submitted comments to the Standing Committee on Social Policy on Bill 59, Schedule 2 of Bill 59, Putting Consumers First Act, 2016.
The Bill includes measures to enable better enforcement of payday lending practices. The submission focuses specifically on the privacy implications of a payday loan tracking database.
The Commissioner does not support any proposal to establish a central loan tracking database without first evaluating the effectiveness of other consumer protection measures contained in Bill 59. In his view, a government-controlled database, which involves the mandatory and systematic collection, use and disclosure of sensitive personal information of individuals resulting from their dealings with private-sector lenders, would be significantly invasive of personal privacy interests.
There are significant risks of unauthorized access to, and secondary uses of, the database and the sensitive financial and other personal information it would contain. Further, a tracking database has the potential to stigmatize a vulnerable sector of society and erode trust in government.
Consequently, the Commissioner recommends that further research and study be undertaken of the other consumer protection measures contained in the Bill.
The emergence of big data as a tool to manage and analyze large and complex data sets offers great promise and opportunity, but also raises serious privacy challenges and considerations, especially to personal privacy. Public and health sector institutions increasingly use big data tools to improve programs and public services and ensure they are supported by better evidence.
As the oversight agency for the Freedom of Information and Protection of Privacy Act, Municipal Freedom of Information and Protection of Privacy Act and the Personal Health Information Protection Act, the IPC is committed to ensuring that big data is used in a privacy protective way. Our office will continue to work closely with public and health care institutions in Ontario to ensure that your privacy rights are protected in the era of big data.
To further raise public awareness about privacy rights in a big data world, the IPC has also developed this new fact sheet to help you better understand what big data is and how it can impact your privacy.
