Upcoming changes to FIPPA: What you need to know

Important amendments to the Freedom of Information and Protection of Privacy Act (FIPPA) came into effect on July 1. These changes are designed to strengthen privacy protections across all Ontario public institutions, including Ontario Tech.

Here’s how these changes may affect your work:

Privacy impact assessments

A privacy impact assessment (PIA) is a tool used to identify the effects of a given activity on the privacy of affected individuals. It helps highlight and mitigate any privacy risks associated with the collection of personal information* due to the implementation of new processes or tools. It supports compliance with FIPPA, protects individual privacy, and may be requested by the Information and Privacy Commissioner in the event of a complaint.

*Personal information is defined as recorded information about an identifiable individual. It includes information such as name, address, email address, photos, health records, and student information recorded in any format (physical or electronic).

When is a PIA needed?

Under the updated legislation, a PIA is now required before any collection of personal information at the university. This includes any initiative that involves the collection of personal information, including the implementation of new software or changes to existing systems. Examples include, but are not limited to:

  • Updating attendance-taking procedures at events.
  • Procuring new learning software that requires students to enter their information to create an account.
  • Integrating third-party software into the learning management system.
  • Implementing an artificial intelligence solution for plagiarism detection.

What do you need to do?

Project owners will be responsible for working with the Privacy office to complete a PIA when personal information is being collected.

By conducting a PIA, you help the university comply with FIPPA and build a culture of trust, privacy and transparency. Engaging in the PIA process early in the project can help you avoid delays and reworking of processes by identifying privacy issues from the beginning.

To help you comply with these new changes, the Privacy office is developing new, simplified templates to streamline the PIA process for you. Keep an eye out for updates on when these templates are available to use.

Please contact accessandprivacy@ontariotechu.ca if you are working on a project involving personal information. Visit the for more information about .

Reporting privacy breaches

Under the new rules, Ontario Tech must investigate each privacy breach to determine its severity. The Privacy office is responsible for investigating all breaches.

If you suspect that someone’s personal information may have been improperly disclosed, you must contact the Privacy office immediately. They will help investigate and address any potential privacy breaches. The number and nature of all privacy breaches will be reported to the Information and Privacy Commissioner of Ontario each year. 

What is a privacy breach?

A privacy breach is a theft, loss, unauthorized use or inadvertent disclosure of personal information. Examples include, but are not limited to:

  • Emailing an academic transcript to the wrong student.
  • Losing an unencrypted USB drive containing student assignments.
  • Snooping on student files in Banner.
  • An attacker gaining access to a database containing student financial aid information.

If you suspect a privacy breach has occurred, even if it was accidental, report it to the Privacy office immediately by contacting accessandprivacy@ontariotechu.ca. They can help you respond to these breaches and determine what steps need to be taken.

Reporting a suspected privacy breach immediately helps us mitigate the damage done to the affected individual(s) and the university. A quick response can remedy the source of the breach and prevent any other individuals from being affected.

If you have any questions or need guidance on the above, contact Josh Reyes, Access and Privacy Officer, and/or Niall O’Halloran, Manager, Privacy and Policy, at accessandprivacy@ontariotechu.ca.

Thank you for your efforts to ensure Ontario Tech continues to uphold the highest standards of privacy and data protection.