FIPPA
What is FIPPA?
The Freedom of Information and Protection of Privacy Act (FIPPA) is a legislative framework that regulates how public bodies in Ontario, Canada collect, use, and disclose personal information. It governs access to government records and the protection of personal information held by public bodies, such as government departments, agencies, and municipalities.
Overview of FIPPA
- Law: Freedom of Information and Protection of Privacy Act (FIPPA)
- Region: Ontario, Canada
- Signed On: 1988
- Industry: Public sector organizations in Canada
Personal Data Under The FIPPA
Any information held by a public body in Canada that can be used to identify a specific individual is covered by FIPPA.
- Identifying Information: Data that can be used to identify an individual, either alone or when combined with other information. This includes name, address, phone number, email address, driver’s license number, passport number, etc.
- Demographic Information: Data that describes an individual’s characteristics, such as date of birth, gender, marital status, education history, employment history, etc.
- Financial Information: Information about an individual’s financial standing, such as bank account information, income tax information, credit card information (with limitations), etc.
- Medical Information: Data related to an individual’s health and medical history, including doctor’s notes, test results, medication history (with strict privacy safeguards), etc.
- Opinions and Beliefs: Political views, religious beliefs, personal opinions, etc.
- Electronic Data: Information stored electronically, such as digital documents, email records, recordings of phone calls (with limitations), etc.
Key Components of FIPPA
FIPPA comprises several key components, such as the right to access, privacy protection, and the independent review process. These components strengthen the provisions for collecting, storing, and disposing of personal information, as well as the guidelines for accessing government records and protecting individuals’ privacy rights.
Data Protection Principles
One of the fundamental principles of FIPPA is the protection of personal information. It mandates that public bodies take reasonable steps to safeguard the personal data they collect and to uphold accountability, transparency, purpose limitation, retention and disposal policies, and access and corrections.
Who Needs to Comply?
FIPPA applies to a broad range of public bodies in Ontario, encompassing various organizations that hold and manage personal information. While it doesn’t directly govern private businesses, compliance becomes crucial for any entity interacting with these public bodies.
Provincial Government Agencies:
- All ministries, departments, boards, and commissions operated by the Ontario government.
- Crown corporations and agencies with specific legislative designations.
Healthcare Institutions:
- Hospitals, community care access centers, and other providers funded by the provincial government.
- Universities and colleges receiving provincial funding.
Municipal and Educational Institutions:
- Municipalities, regional and local governments, and other public institutions.
- School boards at all levels (elementary, secondary, and post-secondary).
Organizations Delivering Public Services:
- Private entities contracted to deliver services for public bodies, such as social services or public transit.
- Organizations designated as “controlled corporations” under FIPPA legislation.
Third-Party Service Providers:
- Companies handling personal information on behalf of public bodies, like data processors or cloud service providers, often have indirect compliance obligations due to contractual agreements.
Noncompliance Fines
FIPPA enforces compliance through administrative penalties, meaning the Information and Privacy Commissioner (IPC) can directly impose fines without going through court. These fines are significant and should be taken seriously:
- Individuals: Up to $25,000 for each violation.
- Organizations: Up to $50,000 for each violation.
The IPC considers several factors when determining the fine amount, like the nature of the violation, prior history, and cooperation with the investigation.
In conclusion, FIPPA plays a crucial role in safeguarding individuals’ privacy rights and promoting transparency in the handling of personal information by public bodies. Compliance with FIPPA requires organizations to implement robust data security solutions, like data masking, to mitigate the risk of privacy breaches and ensure regulatory compliance.
FAQ
What is FIPPA, and to whom does it apply?
FIPPA, the Freedom of Information and Protection of Privacy Act, is provincial legislation in Canada that governs access to government records and protects personal information. It applies to public bodies, including government ministries, agencies, boards, and commissions.
Are there any exceptions to the application of FIPPA?
While FIPPA generally applies to most public bodies in Canada, certain entities, such as courts, legislative offices, and some municipal corporations, may be exempt from its provisions. However, these entities often have their own privacy and access-to-information laws.
How does FIPPA contribute to accountable and transparent governance?
FIPPA plays a crucial role in promoting accountable and transparent governance by ensuring citizens can access government information. By fostering transparency, FIPPA enhances public trust in institutions and facilitates informed decision-making in a democratic society.