Toronto Public Library cyberattack: A wake-up call for stronger security … Case of Note: File MR23-00112 Background In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which …
Ensuring secure disposal of health records: Out of sight is not out of mind! … Case of Note: PHIPA Decision 266 Background A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health …
Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA … A cyberattack on the Toronto Public Library exposed vulnerabilities in its systems that contained a significant number of individuals’ personal information. Read the …
Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter … Case of Note: PHIPA Decision 260 Background A public hospital was alerted to suspicious activity on a patient chart, and initiated an investigation, which included a targeted audit. The audit …
Reported Breach HR23-00282 … A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure …
Practice Direction #5 - Direction to Institutions When Making Representations … In effect September 9, 2024. … Practice Direction #5 - Direction to Institutions When Making …
Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an Appeal … Formerly Practice Direction #4. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an …
Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an Appeal … Formerly Practice Direction #3. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an …
Practice Direction #2 - Participating in a Written FIPPA or MFIPPA Inquiry … In effect September 9, 2024. … Practice Direction #2 - Participating in a Written FIPPA or MFIPPA …
Practice Direction #1 - Providing Records to the IPC During an Appeal … In effect September 9, 2024. … Practice Direction #1 - Providing Records to the IPC During an …
Ransomware reality: Case study in health care cybersecurity and recovery … Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and cause harm to others. As these types of …
Practice Direction #13 - Expedited Processes … Practice Direction 13 outlines the IPC’s new expedited process to resolve certain access appeals and complaints more quickly, so parties can get to resolution sooner. This new practice direction falls under the IPC's code of procedure for access to …
IPC launches new expedited process … The IPC has launched a new expedited process to resolve certain access appeals and complaints more quickly, so parties can get to resolution sooner. The expedited process applies to certain types of access to information appeals under the Freedom of Information …
Cyberattack response: Duty to notify individuals under PHIPA and CYFSA … Background The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), …
Ransomware reality: Case study in health care cybersecurity and recovery … Case of Note: PHIPA Decision 249 Introduction Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and …
Notice of change to PHIPA Practice Direction #3 … Document Updated: A change to PHIPA Practice Direction #3 took effect on October 10, 2023. Learn more As of October 10, 2023 , the IPC may publish PHIPA decisions at any stage of dispute resolution, including early resolution, investigation, and …
How to Protect Against Ransomware … This fact sheet from the IPC discusses how ransomware has become an increasingly dangerous threat to the security of electronic records and provides guidance on how public institutions and healthcare organizations can protect themselves against it. … How to …