2017 Annual Report: Thirty Years of Access and Privacy Service

2017 was a milestone year for the Office of the information and Privacy Commissioner, one in which my office proudly celebrated 30 years of service on behalf of all Ontarians. Today I was pleased to release our 2017 Annual Report, Thirty Years of Access and Privacy Service, in which I call for a number of legislative changes to enhance both access to information and protection of privacy in Ontario.

Among my recommendations is a call to expand the IPC’s oversight to include Ontario’s political parties.
Recent events have illuminated how political parties collect and use personal information to target individuals in specific and unique ways for political gain. Digital tools amass extensive amounts of personal information from diverse sources, frequently without the knowledge or consent of the individual. These increasingly sophisticated big data practices raise new privacy and ethical concerns and the need for greater transparency is evident.

Personal information held by political parties can also be vulnerable to cybersecurity threats and privacy breaches. Given that political parties operate outside of privacy laws, there is little recourse for those impacted by a privacy breach.  Subjecting Ontario’s political parties to privacy regulation and oversight will help to address the privacy, ethical and security risks associated with how political parties collect and use personal information.

My office also tabled the following recommendations in this year’s report:

Enact legislation that provides a strong, government-wide big data framework – Ontario’s access and privacy laws were drafted 30 years ago and are poised for a legislative fix. I continue to urge the government to bring these laws in line with modern technology and information-sharing practices and to include a consistent, privacy-protective framework for big data and data integration.

Ensure smart city initiatives are privacy protective – Smart cities have the potential to improve many aspects of our lives; however, communities must recognize the corresponding privacy concerns. I strongly recommend communities carry out thorough privacy impact assessments to identify and address the privacy risks associated with these projects.

Implement MOU for police services who adopt the use of the Philadelphia Model – I strongly encourage police services across the province who adopt the use of the U.S.-based Philadelphia Model – where police and women’s advocates regularly review closed sexual assault files to identify any investigative shortcomings − to put in place a privacy-protective framework using the model MOU and confidentiality agreement developed by my office, the Kingston and Ottawa police, the Ottawa Rape Crisis Centre and other stakeholders.
Amend Ontario’s access laws to affirm IPC’s power to compel the production of records

Once again, I am calling on the Ontario government to amend FIPPA and MFIPPA to clarify and affirm the IPC’s power to compel records, including those subject to a claim of solicitor-client privilege, and that providing records to the IPC does not constitute a waiver of this privilege.

My full recommendations, the year in review and comprehensive statistics including freedom of information requests, compliance rates, appeals and privacy complaints are available in the IPC 2017 annual report, Thirty Years of Access and Privacy Service. The report also includes a special anniversary retrospective, highlighting the IPC’s 30-year legacy.