Ontario‘s Information and Privacy Commissioner, Patricia Kosseim, has issued a call to action urging the provincial government to bolster regulatory frameworks aimed at safeguarding Ontarians’ personal information in the digital age.
Highlighting concerns over cybersecurity vulnerabilities, commercialization of children’s data, and the unregulated use of artificial intelligence (AI) technologies, Commissioner Kosseim emphasized the need for robust legislative measures and enhanced oversight.
The Commissioner’s plea comes as part of the 2024 annual report titled, ‘From Vision to Impact: Five Years of Privacy and Transparency in a Digital Ontario,’ released by the Office of the Information and Privacy Commissioner of Ontario (IPC). The report underscores critical gaps in current regulations, particularly following the enactment of the Enhancing Digital Security and Trust Act (EDSTA) under Bill 194, which amended the Freedom of Information and Protection of Privacy Act (FIPPA).
“In a world where trust is increasingly hard to come by, Ontarians deserve clear rules, strong safeguards, and full transparency from their institutions,” stated Commissioner Kosseim. “Whether it’s how decisions are made, how personal data is used, or how emerging technologies are governed, our office will continue pushing for real accountability, because public trust is the foundation of a healthy democracy.”
Key recommendations outlined in the IPC’s report include binding guardrails and independent oversight for AI use in the public sector, robust cybersecurity measures to protect sensitive information, and enhanced protections for children’s digital data.
The IPC also calls for alignment between the Municipal Freedom of Information and Protection of Privacy Act and FIPPA to ensure consistent privacy rights across Ontario’s public sector.
Furthermore, the report scrutinizes the government’s handling of access-to-information requests related to Greenbelt land removal decisions, revealing systemic issues such as the use of personal devices for official business and inadequate documentation practices.
Also Read: Close International Cooperation Key to Ensuring Global Cybersecurity Standards
The IPC also advocates for stricter record-keeping policies, prohibiting the use of personal accounts for government-related activities, and implementing rigorous monitoring and retention measures to restore transparency and accountability.
As Ontario navigates the complexities of a digital health system, the IPC emphasizes the importance of embedding privacy-enhancing principles into the design of digital health IDs and strengthening accountability measures under the Personal Health Information Protection Act.
