Search

Displaying 1 - 20 of 88

Toronto Public Library cyberattack: A wake-up call for stronger security

Toronto Public Library cyberattack: A wake-up call for stronger security … Case of Note: File MR23-00112 Background In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which …

Resource

- Published on March 14, 2025

Ensuring secure disposal of health records: Out of sight is not out of mind!

Ensuring secure disposal of health records: Out of sight is not out of mind! … Case of Note: PHIPA Decision 266 Background A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health …

Resource

- Published on February 10, 2025

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA … A cyberattack on the Toronto Public Library exposed vulnerabilities in its systems that contained a significant number of individuals’ personal information. Read the …

Resource

- Published on December 19, 2024

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter … Case of Note: PHIPA Decision 260 Background A public hospital was alerted to suspicious activity on a patient chart, and initiated an investigation, which included a targeted audit. The audit …

Resource

- Published on November 18, 2024

Reported Breach HR23-00282

Reported Breach HR23-00282 … A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure …

Resource

- Published on August 14, 2024

Practice Direction #7 - Sharing of Representations

Practice Direction #7 - Sharing of Representations … In effect September 9, 2024. … Practice Direction #7 - Sharing of Representations …

Resource

- Published on August 9, 2024

Practice Direction #6 - Affidavit and Other Evidence

Practice Direction #6 - Affidavit and Other Evidence … In effect September 9, 2024. … Practice Direction #6 - Affidavit and Other Evidence …

Resource

- Published on August 9, 2024

Practice Direction #5 - Direction to Institutions When Making Representations

Practice Direction #5 - Direction to Institutions When Making Representations … In effect September 9, 2024. … Practice Direction #5 - Direction to Institutions When Making …

Resource

- Published on August 9, 2024

Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an Appeal

Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an Appeal … Formerly Practice Direction #4. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an …

Resource

- Published on August 9, 2024

Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an Appeal

Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an Appeal … Formerly Practice Direction #3. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an …

Resource

- Published on August 9, 2024

Practice Direction #2 - Participating in a Written FIPPA or MFIPPA Inquiry

Practice Direction #2 - Participating in a Written FIPPA or MFIPPA Inquiry … In effect September 9, 2024. … Practice Direction #2 - Participating in a Written FIPPA or MFIPPA …

Resource

- Published on August 9, 2024

Practice Direction #1 - Providing Records to the IPC During an Appeal

Practice Direction #1 - Providing Records to the IPC During an Appeal … In effect September 9, 2024. … Practice Direction #1 - Providing Records to the IPC During an …

Resource

- Published on August 9, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and cause harm to others. As these types of …

Resource

- Published on July 18, 2024

Practice Direction #13 - Expedited Processes

Practice Direction #13 - Expedited Processes … Practice Direction 13 outlines the IPC’s new expedited process to resolve certain access appeals and complaints more quickly, so parties can get to resolution sooner. This new practice direction falls under the IPC's code of procedure for access to …

Resource

- Published on July 9, 2024

IPC launches new expedited process

IPC launches new expedited process … The IPC has launched a new expedited process to resolve certain access appeals and complaints more quickly, so parties can get to resolution sooner. The expedited process applies to certain types of access to information appeals under the Freedom of Information …

Resource

- Published on July 9, 2024

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA … Background The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), …

Basic page

- Published on August 2, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Case of Note: PHIPA Decision 249 Introduction Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and …

Basic page

- Published on July 18, 2024

Notice of change to PHIPA Practice Direction #3

Notice of change to PHIPA Practice Direction #3 … Document Updated: A change to PHIPA Practice Direction #3 took effect on October 10, 2023. Learn more As of October 10, 2023 , the IPC may publish PHIPA decisions at any stage of dispute resolution, including early resolution, investigation, and …

Resource

- Published on September 6, 2023

How to Protect Against Ransomware

How to Protect Against Ransomware … This fact sheet from the IPC discusses how ransomware has become an increasingly dangerous threat to the security of electronic records and provides guidance on how public institutions and healthcare organizations can protect themselves against it. … How to …

Resource

- Published on October 13, 2022

Public interest disclosure

Public interest disclosure … Public interest disclosure …

Resource

- Published on September 29, 2021