Dernières décisions

On May 25, 2016, the Office of the Information and Privacy Commissioner/Ontario received an appeal under the Municipal Freedom of Information and Protection of Privacy Act (the Act) in relation to an access decision issued by the Township of McGarry (the Township). During the processing of the appeal, the lawyer for the Township wrote to the affected parties in order to notify them of the access request and to obtain consent to disclose the information related to them that had been identified as responsive to the access request.
In correspondence to the affected parties, the Township’s lawyer disclosed the name of the individual who sought access to the requested information. This Report finds that the information disclosed was personal information and that the disclosure was not in accordance with section 32 of the Act.
This Report also finds that the Mayor is the “head” of the Township, and that the head has not complied with section 3(1) of Ontario Regulation 832. Specifically, the head has not ensured that the Township has defined, documented and put in place reasonable measures to prevent and respond to unauthorized use or disclosure of records containing or revealing the identity of a requester.

The Office of the Information and Privacy Commissioner of Ontario received a complaint alleging that the Hamilton-Wentworth District School Board (the Board) contravened the Municipal Freedom of Information and Protection of Privacy Act (the Act) when it disclosed a student’s personal information to a photography vendor. I conclude that the collection and use of students’ photographs for administrative purposes is in accordance with sections 28(2) and 31 of the Act, respectively. As well, I find that the Board’s notice of collection complies with section 29(2) of the Act and that the Board’s Service Agreement with the vendor included adequate provisions with respect to the protection of the students’ personal information. Furthermore, while I conclude that the Board’s disclosure of students’ personal information to the vendor for administrative and limited marketing purposes was in accordance with section 32 of the Act, I find that the disclosure for the vendor’s Pictures2Protect Program was not.

The Office of the Information and Privacy Commissioner of Ontario received a complaint alleging that the Toronto District School Board (the Board) contravened the Municipal Freedom of Information and Protection of Privacy Act (the Act) when it disclosed a student’s personal information to a photography vendor who in turn contacted the student’s parents to advertise their services. I conclude that the collection and use of students’ photographs for administrative purposes is in accordance with sections 28(2) and 31 of the Act, respectively and that the Board’s disclosure of students’ personal information to the vendor for administrative and limited marketing purposes was in accordance with section 32 of the Act. I also conclude that the notice of collection of student photographs does not comply with section 29(2) of the Act; nor did the Board’s Service Agreement with the vendor include adequate provisions with respect to the protection of students’ personal information.

The Office of the Information and Privacy Commissioner (the IPC) received information that the Peel District School Board (the Board) may have contravened the Municipal Freedom of Information and Protection of Privacy Act (the Act) when one of its teachers allegedly disclosed the names of students who had Individual Education Plans (IEPs) to her spouse, an investment representative, so that he could solicit business from their parents. In response, the IPC opened a Commissioner-initiated privacy complaint file to determine if the Board’s actions were consistent with the requirements of the Act. In this Privacy Complaint Report, I find that the information at issue is personal information and that the disclosure of students’ personal information from a Special Education Teacher to another teacher did not comply with section 32 of the Act. I also find that the Board’s use of students’ personal information, through the actions of the teacher, did not comply with section 31 of the Act. This report recommends that the Board require all staff sign confidentiality agreements when they are hired by the Board and annually thereafter.

The Office of the Information and Privacy Commissioner of Ontario opened a Commissioner initiated privacy complaint under the Municipal Freedom of Information and Protection of Privacy Act (the Act), against the City of Toronto (the city). The complaint relates to concerns regarding the collection of information belonging to licensed body-rubbers by the City of Toronto. In this Privacy Complaint Report I conclude that a body-rubber licensee’s salary, commencement date and termination date is personal information and that the collection of this information is in accordance with section 28(2) of the Act.
This report recommends that the City of Toronto amend section 545-337 of the Toronto Municipal Code, Chapter 545, Licensing to reflect the City of Toronto’s practice of collecting the written contracts of services when there is a specific bylaw investigation.

The Office of the Information and Privacy Commissioner/Ontario (IPC) received a privacy complaint from an individual involving the Town of South Bruce Peninsula (the town). The complainant was concerned that the town had improperly disclosed his personal information to another individual, without notice, in contravention of the Municipal Freedom of Information and Protection of Privacy Act. This Report finds that the town’s disclosure of the complainant’s personal information was not in accordance with section 32 of the Act.

The Office of the Information and Privacy Commissioner of Ontario (IPC) was contacted by Innisfil Hydro Distribution Systems Limited (Innpower) to report a privacy breach under the Municipal Freedom of Information and Protection of Privacy Act (the Act). Innpower informed the IPC that the laptop of one of its contractors had been stolen from a university library and that the laptop contained the unencrypted personal information of its customers. Given that the unencrypted personal information was disclosed by way of a theft, the disclosure was not consistent with section 32 of the Act. This report finds that Innpower responded adequately to the breach.

The complainant, a patient of Dr. Philip Solomon, requested that Dr. Solomon disclose to another health information custodian records of her personal health information relating to a specified treatment. The complainant subsequently amended her consent in a number of follow-up communications with Dr. Solomon and his office.
In this decision, the adjudicator makes findings on the scope of the complainant’s consent to the disclosure of her personal health information following various amendments to her consent. The adjudicator concludes that Dr. Solomon disclosed to the recipient doctor some personal health information of the complainant outside the scope of the complainant’s consent, and in contravention of the Personal Health Information Protection Act, 2004. Dr. Solomon is ordered to develop and implement a written information practice that addresses how consents from patients to the disclosure of their personal health information are to be processed, documented and clarified.

The Office of the Information and Privacy Commissioner/Ontario opened a Commissioner Initiated Privacy Complaint under the Freedom of Information and Protection of Privacy Act (the Act), against the Ministry of Community Safety and Correctional Services (the ministry). The complaint relates to concerns regarding the collection and destruction of personal information contained in a recording which was made by a police officer with his personal cell phone during a traffic stop. In this Privacy Complaint Report I conclude that I am unable to make a finding as to whether the record at issue contained personal information as defined in section 2(1) of the Act, however, I conclude that if the recording had contained the personal information of the requester, it would have been an authorized collection under section 38(2).
This Report also considers whether the ministry has measures in place to ensure the preservation of records in its custody or control and recommends that the Ontario Provincial Police amend its Personal Electronic Device Policy.

The Office of the Information and Privacy Commissioner received identical complaints from two individuals (the complainants), alleging that the Ottawa Police Service (the police) inappropriately disclosed personal information pertaining to criminal charges against the complainants, to their employer, Correctional Services Canada (CSC), contrary to the Municipal Freedom of Information and Protection of Privacy Act (the Act). In January 2017, all criminal charges against the complainants were withdrawn. This Privacy Complaint Report concludes that the police’s disclosure of the complainants’ personal information to CSC was not consistent with section 32 of the Act.

The Office of the Information and Privacy Commissioner of Ontario received a complaint alleging that the Township of McGarry (the Township) contravened the Municipal Freedom of Information and Protection of Privacy Act (the Act) when it disclosed a resident’s personal information to a third-party who in turn contacted the resident to advertise their services. The Privacy Complaint Report concludes that the Township’s use and disclosure of the personal information was not in accordance with sections 31 and 32 of the Act.

The Ministry of Finance (the ministry) received an access request under the Freedom of Information and Protection of Privacy Act (FIPPA) for non-public communications from the Insurance Bureau of Canada (IBC), as well as follow-up exchanges, meeting notes and agendas on automobile insurance topics. The ministry denied access to the records in full or in part, citing the mandatory Cabinet records exemption in section 12(1) and the discretionary advice or recommendations exemption in section 13(1). This order finds that the records are not exempt under these exemptions.

The complainant sought access to records of her personal health information from Dr. Mary Elizabeth McIntyre (Dr. McIntyre). This order determines that Dr. McIntyre is deemed to have refused the complainant’s request for access. Dr. McIntyre is ordered to provide a response to the complainant regarding her request for access to records of her personal health information in accordance with the Personal Health Information Protection Act, 2004, and without recourse to a time extension, no later than February 10, 2017.

The complainants, the daughters of a deceased patient of Dr. Fausto Michael Cianfrone and Woodview Medical Pharmacy (the pharmacy), filed complaints about the pharmacy’s disclosure to Dr. Cianfrone, and Dr. Cianfrone’s concomitant collection, and subsequent use and disclosure, of their mother’s prescription information after her death. This information was relevant to an investigation by the College of Physicians and Surgeons of Ontario into the complainants’ allegations about Dr. Cianfrone’s treatment and care of their mother before her death, particularly in relation to his prescribing of medication to her.
In this decision, the adjudicator dismisses the doctor’s and the pharmacy’s claims that they had the mother’s consent to collect, use and disclose her personal health information after her death. She finds, however, that the collection, use and disclosure were permitted to be made without consent under the Personal Health Information Protection Act, 2004 (the Act). In particular, she accepts that the pharmacy’s disclosure of the mother’s prescription information to the doctor was permitted to be made without consent under section 39(1)(d) of the Act, which permits the sharing of a patient’s information between health care providers of that patient for quality of care purposes. She finds that the doctor’s collection, use and disclosure of this same information were permitted to be made without consent under sections 36(1)(g) (collection where disclosure permitted or required by law), 37(1)(b) (use for purpose for which disclosure permitted or required by law) and 43(1)(b) (disclosure to a College) of the Act. She concludes that there has been no breach of the Act.

The Office of the Information and Privacy Commissioner of Ontario received a complaint alleging that the Hamilton-Wentworth Catholic School Board (the Board) contravened the Municipal Freedom of Information and Protection of Privacy Act (the Act) when it disclosed the complainant’s son’s Ontario School Record (OSR) during a proceeding filed against the Board with the Human Rights Tribunal of Ontario (HRTO). The Privacy Complaint Report concludes that the Act prevails over the confidentiality provisions in sections 266(2) and 266(10) of the Education Act. The Board’s disclosure of the personal information from the OSR to the HRTO was in accordance with section 51 of the Act.