Professional Guidelines

Thinking About Clouds? Privacy, security and compliance considerations for Ontario public sector institutions

The IPC has prepared this new guidance document, Thinking About Clouds? Privacy, security and compliance considerations for Ontario public sector institutions, to help institutions evaluate whether cloud computing services are suitable for their information management needs. In particular, it seeks to raise awareness of the risks associated with using cloud computing services and outlines some strategies to mitigate those risks.

Recommended mitigation strategies include appropriate project planning, co-ordination, and documentation, undertaking risk analyses, applying data minimization measures, due diligence investigation of the cloud provider, negotiating effective contracts, and having an incident management plan in place.

It is the responsibility of all public institutions in Ontario to maintain effective control of, and be fully accountability for, the personal information entrusted to them by the public they serve.

Help us improve our website. Was this page helpful?
When information is not found

Note:

  • You will not receive a direct reply. For further enquiries, please contact us at @email
  • Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
  • For more information about this tool, please see our Privacy Policy.