All Guidance and Resources

The Office of the Information and Privacy Commissioner publishes guidance documents to promote compliance with Ontario’s access and privacy laws. New materials are posted on an ongoing basis. If you are looking for guidance on a topic that is not listed here, please contact us.

Research Report - Surveillance and Algorithmic Management at Work: Capabilities, Trends, and Legal Implications (Type: Papers)

Workplace surveillance can take many forms, from monitoring employee productivity and tracking online activity to use as part of the hiring process. The IPC commissioned Dr. Adam Molnar, Assistant Professor, Sociology and Legal Studies at the University of Waterloo, to produce an overview of workplace surveillance technologies being used today, research documenting the impacts of surveillance on employees, and legal frameworks for protecting employee privacy in various jurisdictions.

Explore more of our in-depth research reports by visiting our Research & Innovation Hub.

Interpretation Bulletin: Labour Relations (Type: Interpretation Bulletins)

This interpretation bulletin outlines the labour relations or employment records exclusions, as set out in section 65(6) of the Freedom of Information and Protection of Privacy Act (FIPPA) and section 52(3) of the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA). It defines the key terms of the exclusions and addresses exceptions to the exclusions.

Toronto Public Library cyberattack: A wake-up call for stronger security (Type: Case of Note)

Case of Note: File MR23-00112 

Background

In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which related to a ransomware attack, was first detected in October 2023 when TPL noticed suspicious activity on its network and learned that an unauthorized party had encrypted certain networks and stolen a significant number of files from its file server.  

TPL immediately responded by activating its Major Cyber Security Incident Playbook and Privacy Breach Protocol. It engaged its...

Innomar Strategies Cyberattack: Review of Security Practices and Recommendations (Type: Letters)

A cybersecurity attack on Innomar Strategies’ systems resulted in the exfiltration of a significant number of individuals’ personal health information. The threat actor(s) gained access to an affiliate through a system vulnerability and moved laterally to gain access to Innomar’s systems. Read the closing letter to learn about how the case was resolved at the Early Resolution Stage.

Future of Privacy Forum Webinar Keynote: Safer Internet Day

On Safer Internet Day, Commissioner Kosseim joined the Future of Privacy Forum’s webinar on protecting young people online, highlighting how strong security measures help safeguard their privacy, safety, and digital rights.

Ensuring secure disposal of health records: Out of sight is not out of mind! (Type: Case of Note)

Case of Note: PHIPA Decision 266

Background

A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health information (PHI). To support the allegations, photographs of patient records found discarded in an unsecured recycling bin were provided.

The IPC wrote to the clinic to inquire into the allegations. The clinic provided a report to the IPC which raised additional concerns and the IPC initiated an investigation into the matter.

The IPC investigator took custody of the records...

Lost and found: Preserving abandoned health records (Type: Case of Note)

Case of Note: PHIPA Decision 221 (interim) and PHIPA Decision 230 (final)

Background 

The Information and Privacy Commissioner of Ontario (IPC) was contacted about a case of potentially abandoned medical records at a storage facility. The report came from a property management company that was acting on behalf of a creditor of a medical clinic. The medical clinic had previously operated at a property that the creditor sold to a new owner. The IPC later learned that the property management company had taken possession of the property and the records (on behalf of the creditor) and moved the...

Toronto District School Board cyberattack: Recommendations for improved security (Type: Letters)

A social engineering attack at a TDSB high school led to the unauthorized access of personal information belonging to current and former students, parents and staff across several schools. The threat actor gained unauthorized access to the affected schools’ systems by obtaining the login credentials of a school’s Vice-Principal (VP) through a social engineering attack and obtaining the login credentials for their OneDrive account from a browser cache connected to the Vice-Principal. The breach resulted in several recommendations to the TDSB by the IPC that will assist in improving its security...

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA (Type: Case of Note, Letters)

A cyberattack on the Toronto Public Library exposed vulnerabilities in its systems that contained a significant number of individuals’ personal information. Read the closing letter to learn about how the case was settled at the Early Resolution Stage.

Guidance on the Use of Automated Licence Plate Recognition Systems by Police Services (Type: Best Practices, Papers, Professional Guidelines)

This publication outlines the key obligations of police under privacy legislation in their use of ALPR systems. This is an update of the guidance document originally published in 2017, and provides recommendations, including best practices, on using these systems in a privacy-protective manner.

Originally published: July 2017
Updated: December 2024

Research Report: Exploring the Potential for a Privacy Regulatory Sandbox for Ontario (Type: Papers)

Innovators, public institutions, and regulators are continually challenged by rapidly emerging technologies, such as artificial intelligence, and by the need to understand how privacy laws apply to ensure compliance. This report, funded by the Social Sciences and Humanities Research Council, was co-authored by Dr. Teresa Scassa and Elif Nur Kumru of the University of Ottawa, in partnership with the IPC. It provides valuable insights on how privacy regulatory sandboxes can be used to support the development, testing, and validation of new products or services under a regulator’s supervision before they...

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter (Type: Case of Note)

Case of Note: PHIPA Decision 260

Background

A public hospital was alerted to suspicious activity on a patient chart, and initiated an investigation, which included a targeted audit. The audit revealed that nearly 4,000 patient charts had been accessed by a physician without authorization, from a remote workstation outside of work hours. None of these patients were under the physician’s care.

The physician admitted to accessing the electronic health records for educational purposes. The physician thought accessing the electronic health records of patients remotely for this purpose was permitted...

Interpretation Bulletin: Draft By-Law/Closed Meeting (Type: Interpretation Bulletins)

Interpretation Bulletin: Cabinet Records (Type: Interpretation Bulletins)

Interpretation Bulletin: Records Relating to an Ongoing Prosecution (Type: Interpretation Bulletins)

This interpretation bulletin outlines the factors for determining how to apply the exclusion for records that relate to an ongoing prosecution, under section 65(5.2) of the Freedom of Information and Protection of Privacy Act (FIPPA) and section 52(2.1) of the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA).
