Search

Displaying 1 - 20 of 103

Toronto Public Library cyberattack: A wake-up call for stronger security

Toronto Public Library cyberattack: A wake-up call for stronger security … Case of Note: File MR23-00112 Background In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which …

Resource

- Published on March 14, 2025

Ensuring secure disposal of health records: Out of sight is not out of mind!

Ensuring secure disposal of health records: Out of sight is not out of mind! … Case of Note: PHIPA Decision 266 Background A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health …

Resource

- Published on February 10, 2025

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA … A cyberattack on the Toronto Public Library exposed vulnerabilities in its systems that contained a significant number of individuals’ personal information. Read the …

Resource

- Published on December 19, 2024

Guidance on the Use of Automated Licence Plate Recognition Systems by Police Services

Guidance on the Use of Automated Licence Plate Recognition Systems by Police Services … This publication outlines the key obligations of police under privacy legislation in their use of ALPR systems. This is an update of the guidance document originally published in 2017, and provides …

Resource

- Published on December 16, 2024

Exploring the Potential for a Privacy Regulatory Sandbox for Ontario

Exploring the Potential for a Privacy Regulatory Sandbox for Ontario … Innovators, public institutions, and regulators are continually challenged by rapidly emerging technologies, such as artificial intelligence, and understanding how privacy laws apply to ensure compliance. This report, funded by …

Resource

- Published on December 11, 2024

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter … Case of Note: PHIPA Decision 260 Background A public hospital was alerted to suspicious activity on a patient chart, and initiated an investigation, which included a targeted audit. The audit …

Resource

- Published on November 18, 2024

Reported Breach HR23-00282

Reported Breach HR23-00282 … A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure …

Resource

- Published on August 14, 2024

Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an Appeal

Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an Appeal … Formerly Practice Direction #4. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an …

Resource

- Published on August 9, 2024

Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an Appeal

Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an Appeal … Formerly Practice Direction #3. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an …

Resource

- Published on August 9, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and cause harm to others. As these types of …

Resource

- Published on July 18, 2024

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA … Background The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), …

Basic page

- Published on August 2, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Case of Note: PHIPA Decision 249 Introduction Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and …

Basic page

- Published on July 18, 2024

How to Protect Against Ransomware

How to Protect Against Ransomware … This fact sheet from the IPC discusses how ransomware has become an increasingly dangerous threat to the security of electronic records and provides guidance on how public institutions and healthcare organizations can protect themselves against it. … How to …

Resource

- Published on October 13, 2022