Workplace surveillance can take many forms, from monitoring employee productivity, tracking online activity or even as part of the hiring process. The IPC commissioned Dr. Adam Molnar, Assistant Professor, Sociology and Legal Studies at the University of Waterloo, to produce an overview of workplace
Case of Note: File MR23-00112 Background In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which related to a ransomware attack, was first detected in October 2023 when TPL
A cybersecurity attack on Innomar Strategies’ systems resulted in the exfiltration of a significant number of individuals’ personal health information. The threat actor(s) gained access to an affiliate through a system vulnerability and moved laterally to gain access to Innomar’s systems. Read the
On January 28, 2025, the IPC had the pleasure of hosting Ontarians at a public event in celebration of Data Privacy Day. The theme was the Power of PETs: Privacy Enhancing Technologies. A recording of the event is available on our YouTube channel and my opening remarks, for those of you interested
A social engineering attack at a TDSB high school led to the unauthorized access of personal information belonging to current and former students, parents and staff across several schools. The threat actor gained unauthorized access to the affected schools’ systems by obtaining the login credentials
A cyberattack on the Toronto Public Library exposed vulnerabilities in its systems that contained a significant number of individuals’ personal information. Read the closing letter to learn about how the case was settled at the Early Resolution Stage.
This publication outlines the key obligations of police under privacy legislation in their use of ALPR systems. This is an update of the guidance document originally published in 2017, and provides recommendations, including best practices, on using these systems in a privacy-protective manner
Tuesday, January 28, 2025 9:15 a.m. to 12:00 p.m. EST Toronto ( MaRS Discovery District ) and online Join Commissioner Kosseim for a panel discussion with privacy experts from the public and private sectors, academia, and law to gain a clearer understanding of what privacy enhancing technologies are
A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure file transfer server. The
