2016 Annual Report - Ontario’s Information and Privacy Commissioner calls for legislation to manage the privacy risks of big data in the public sector
TORONTO, ON (June 19, 2017) – In his 2016 Annual Report, Facing Challenges Together, Ontario’s Information and Privacy Commissioner, Brian Beamish, is calling for a number of legislative changes to enhance both access to information and protection of privacy in Ontario. One proposal is for the government to enact legislation that would allow public institutions to share personal information for policy and research purposes while protecting individual privacy by establishing a strong, government-wide framework for big data programs.
Ontario’s access and privacy laws were drafted before the rapid advancement in information technology and its capacity to process enormous volumes of information from multiple sources. The amount of data now available to Ontario’s public institutions combined with sophisticated analytical tools is driving these institutions to pursue the many benefits of big data. These include improved policy and program development, enhanced system planning, efficient resource allocation and performance monitoring.
While the Commissioner supports improved services to the public and a more efficient government, he cautions that personal privacy must be safeguarded. He is calling on the government to enact legislation that expressly authorizes information sharing for policy and research purposes and provides a strong, government-wide framework for data integration projects. Legislative changes that support big data projects and information sharing among institutions should be accompanied by accountable, effective governance and oversight.
Quote
“We now live in the era of big data, where information technology holds the promise of creating a more efficient and responsive public service. However, we must not overlook the risks to privacy in pursuit of the benefits. It is possible to use big data in a privacy-protective manner but it will require fundamental changes to privacy legislation, involving government, citizens, and regulators.”
~ Brian Beamish, Information and Privacy Commissioner of Ontario
This recommendation is one of several tabled by the Commissioner in his 2016 annual report. Further recommendations include:
- Clarify Solicitor-Client Privilege Exemption - Ontario’s access laws should be amended to affirm the power of the IPC to access documents for which institutions claim the solicitor-client privilege exemption. Amendments should explicitly state that providing records to the IPC does not constitute a waiver of solicitor-client privilege. Amendments will ensure that the IPC’s ability to adjudicate the solicitor-client privilege exemption is not undermined.
- Framework for Electronic Health Records – Provisions in Bill 119, the Health Information Protection Act, relating to the shared provincial electronic health record have yet to be proclaimed, and are essential for ensuring that an effective governance framework is in place. The Commissioner is urging the government to move forward with proclamation of these provisions to ensure patient privacy and the protection of personal health information (PHI).
- Increased Transparency of Ontario’s Medical System – Bill 84, the Medical Assistance in Dying Statute Law Amendment Act excludes access to information identifying medical facilities that provide assisted dying services. Despite the IPC’s recommendation, amendments to the bill were not included to make this information accessible. The Commissioner urges health care institutions to disclose this information.
- Ensure the Security of Abandoned Health Records - A comprehensive multi-prong approach, including legislation, is needed to ensure that health records are properly secured when a health information custodian ceases to practice and that those records are available to patients on request.
- Public Disclosure of Health Privacy Breach Prosecutions – The government should routinely publicize the details of health privacy breach prosecutions to send a strong message that unauthorized access to PHI will not be tolerated.
- Routine Audits of Freedom of Information Practices - All Ontario institutions – municipal and provincial – should routinely review their FOI practices to apply consistent and correct practices to managing access requests.
The Commissioner’s full recommendations, the year in review and comprehensive statistics including freedom of information requests, compliance rates, appeals and privacy complaints are available in the IPC 2016 Annual Report, Facing Challenges Together.
Media Contact:
Jason Papadimos
Senior Communications Advisor
416-326-3965
@email
Media Contact
For a quick response, kindly e-mail or phone us with details of your request such as media outlet, topic, and deadline:
Email: @email
Telephone: 416-326-3965
Social Media
The IPC maintains channels on LinkedIn, X (formerly Twitter), YouTube and Instagram in its efforts to communicate to Ontarians and others interested in privacy, access and related issues.