Support Centre



Law: Freedom of Information and Protection of Privacy Act, RSO 1990 c F.31 ('the Act'). Please note that the Act applies to public bodies only. Private organisations are regulated at the federal level by the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').

Regulator: The Information and Privacy Commissioner of Ontario ('IPC')

Summary: Although Ontario does not have a comprehensive private sector data protection law, privacy principles are enshrined through the enforcement of public sector and sector-specific laws. In addition, Ontario has shown signs of increasing the scope of privacy protections in the province with recent amendments to the Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A ('PHIPA'). In particular, the changes to PHIPA include increased penalties, audit requirements for organisations, and additional regulation-making powers for the IPC. Finally, Bill 14 for the Personal Information Protection Act, 2018, which is being discussed in the Standing Committee on Justice, may introduce significant new requirements for private organisations if enacted.


The Office of the Information Commissioner of Ontario ('IPC') announced, on 7 September 2021, that it had issued its submission1 in response to the provincial government's white paper2 on proposals for a provincial private sector privacy law.