519-679-9660
519-679-9660Contact us
Harrison Pensa LLP
Contact us519-679-9660
    Ontario public sector privacy protection demonstrated with a man with glasses sitting in front of multiple computer screens in a workplace displaying graphs and data.

    13 February, 2025

    Changes to Ontario public sector privacy protection

    To increase cyber security and public sector privacy protection in Ontario, Bill 194 that we wrote about last June is now (for the most part) in force. It created a new statute called the Enhancing Digital Security and Trust Act, 2024, and amended FIPPA (Freedom of Information and Protection of Privacy Act).

    FIPPA applies to the provincial government and provincial government agencies. It is noteworthy that similar amendments were not made to MFIPPA, which is similar to FIPPA but applies to municipalities and quasi-municipal agencies.

    Public sector cyber security

    The Enhancing Digital Security and Trust Act, 2024 applies to Ontario public sector entities that are governed by FIPPA and MFIPPA.

    It sets out how those institutions must deal with cyber security requirements, use of AI, and use of information relating to people under 18.

    While the act is in force, it is a shell with virtually all the requirements to be set out in yet-to-be created regulations. So for now institutions can only get an idea of where this is headed and what they will have to do at a high level.

    FIPPA changes 2025

    Some FIPPA changes took effect on January 29, 2025, others will not be in effect until July 1, 2025.

    Entities subject to FIPPA will have to:

    • Keep records of and provide the Privacy Commissioner with an annual report of privacy breaches.
    • Do privacy impact assessments (PIAs) for any personal info they collect.
    • Report privacy breaches to the Privacy Commissioner and affected individuals if there is a real risk of significant harm.

    Public sector privacy protection in Ontario introduces a whistleblowing section saying that if anyone complains to the Commissioner that an institution has or is about to contravene FIPPA, they can request that their identity be kept confidential.

    It also grants the Commissioner more investigative and order-making powers.

    FIPPA and MFIPPA date back to 1988. These changes are somewhat similar to provisions in the federal Personal Information Protection and Electronic Documents Act (PIPEDA) private sector privacy law, and the Consumer Privacy Protection Act (CPPA) that died when Parliament was prorogued that was supposed to replace PIPEDA.

    David Canton is a business lawyer and trademark agent at Harrison Pensa with a practice focusing on technology, privacy law, technology companies and intellectual property. Connect with David on LinkedIn, Bluesky, and Twitter.

    Image credit: ©AI_images – stock.adobe.com

    A headshot of David Canton.
    About the author

    David Canton

    Consultant
    • Business Law & Financial Services,
    • Data Protection,
    • e-Commerce,
    • Information Technology,
    • Intellectual Property,
    • SaaS,
    • Software Licenses,
    • Technology and Privacy Law
    Meet David
    A headshot of David Canton.
    About the author

    David Canton

    Consultant
    • Business Law & Financial Services,
    • Data Protection,
    • e-Commerce,
    • Information Technology,
    • Intellectual Property,
    • SaaS,
    • Software Licenses,
    • Technology and Privacy Law
    Meet David

    Get connected

    Sign up for our newsletter to stay up to date with current events, news and articles

    Newsletter Sign-Up (Posts)

    CASL
    This field is for validation purposes and should be left unchanged.

    Related Articles

    A squash racket and ball rest on a table, with two players competing on a squash court in the background to represent the London Squash Racquets Club Doubles Invitational 2025.
    17 March 2025

    Harrison Pensa supports London Squash Racquets Club Doubles Invitational

    Newton's cradle with one ball swung to the side, showcasing kinetic energy transfer against a dark background.
    13 March 2025

    Law and science are more similar than you think

    Headshots of six Harrison Pensa lawyers in professional recognized by the 2025 Canadian Legal Lexpert Directory
    11 March 2025

    Harrison Pensa lawyers recognized in 2025 Canadian Legal Lexpert Directory

    Modern office reception area with illuminated sign reading "Harrison Pensa" to announce the firm is named a top 10 Ontario regional law firm.
    11 March 2025

    Harrison Pensa named a Top 10 Ontario Regional Law Firm

    Harrison Pensa LLP

    London, Ontario (Main Office)
    130 Dufferin Avenue
    Suite 1101 London, ON
    N6A 5R2

    Local: (519) 679-9660
    Fax: (519) 667-3362
    1 (800) 263-0489

    St. Thomas, Ontario
    468-470 Talbot Street
    St. Thomas, Ontario
    N5P 1C2

    Local: (519) 672-9500
    Fax: (519) 667-3362
    1 (800) 263-0489
    AICPA SOC logo with the text "AICPA SOC" and the URL "aicpa.org/soc4so". It also includes the phrases "SOC for Service Organizations" and "Service Organizations" on the border.
    AICPA SOC logo with the text "AICPA SOC" and the URL "aicpa.org/soc4so". It also includes the phrases "SOC for Service Organizations" and "Service Organizations" on the border.
    AICPA SOC logo with the text "AICPA SOC" and the URL "aicpa.org/soc4so". It also includes the phrases "SOC for Service Organizations" and "Service Organizations" on the border.
    © 2025 Harrison Pensa LLP
    Monitored by:AODA OnlineWeb Design & Digital Marketing:tbk Creative