Three-Year Reviews and Approvals under PHIPA
Where can I find the manual that sets out the requirements for review and approval?
The IPC issues manuals for the review and approval of prescribed entities, persons, and organizations. Each prescribed entity, person, or organization is expected to meet the requirements of the manual.
What may a prescribed entity, person, or organization do prior to initial approval?
Prescribed entities under the Personal Health Information Protection Act (PHIPA) may not collect personal health information under their authority as prescribed entities unless their practices and procedures are approved by the IPC.
Prescribed persons under PHIPA must put into place practices and procedures that are approved by the IPC every three years.
The prescribed organization under PHIPA must, by October 1, 2021, have in place and comply with practices and procedures approved by the IPC. In the meantime, the prescribed organization can proceed with operating under its authority as a prescribed organization.
Prescribed entities under the Child, Youth and Family Services Act (CYFSA) may, until January 1, 2021, collect personal information under their authority as prescribed entities, even if the IPC has not yet approved their practices and procedures. On and after January 1, 2021, prescribed entities under the CYFSA may not collect personal information under their authority as prescribed entities unless the IPC has approved their practices and procedures.
What happens during the initial review?
The first time the IPC reviews and approves the practices and procedures of a prescribed entity, person, or organization, we review all of the relevant policies, practices, and procedures. Our manuals set out the required content for the policies, practices, and procedures.
The IPC may schedule an on-site visit to review physical security measures. We may also specify actions that must be taken prior to our approval of a prescribed entity, person, or organization’s practices and procedures.
Once the prescribed entity, person, or organization has taken all necessary actions, we prepare a report that summarizes the review and prepare an approval letter. The IPC and the prescribed entity, person, or organization will make the following available on our website:
- the IPC’s report
- the IPC’s letter of approval
What is involved in subsequent reviews?
Entities, persons, and organizations that are prescribed under PHIPA, the Coroners Act, or the CYFSA must be reviewed by the IPC every three years and must submit a detailed written report on their practices and procedures, together with an affidavit signed by the head of the entity, person, or organization. To allow sufficient time for review, entities, persons, and organizations must submit these materials one year before the next approval date.
After we have completed the review, we send a letter indicating whether the policies and procedures are approved.
Once the IPC has granted approval, the IPC and the prescribed entity, person, or organization will make the following publicly available:
- the report of the prescribed entity, person, or organization
- the IPC’s letter of approval
- the affidavit signed by the head of the entity, person, or organization
The affidavit must be signed by the head of the entity, person, or organization because they are ultimately accountable for ensuring compliance. By signing the affidavit, the head of the organization confirms that the practices and procedures of the entity, person, or organization comply with both the law and the requirements of the manual.
What happens if the practices and procedures are not approved in a subsequent review?
An entity, person, or organization may not continue to operate under its authorities as a prescribed entity, person, or organization unless it has submitted a detailed written report and accompanying affidavit to the IPC and we have provided written confirmation that it continues to meet the requirements.
Do all of the three-year reviews and approvals occur at the same time?
The IPC tries to conduct all three-year reviews and approvals at the same time. If an entity, person, or organization receives approval in an intermediate year, the approval may be granted for a period shorter than three years to ensure the next review falls within the same period as the other three-year reviews and approvals.
Where can I find documentation related to previous reviews and approvals?
The reports, letters of approval, and affidavits for every review and approval are publicly available.