Resources
Privacy Compliance Tool
The Privacy Compliance Tool is designed to help OPS ministries and clusters with projects that may require a Privacy Impact Assessment (PIA).
The Privacy Compliance Tool enables you to start your privacy analysis early and build privacy requirements into your project plan, business processes, and design requirements.
This tool will help you to:
- Assess whether your project involves personal information,
- Identify sources of privacy risk in your project,
- Assess compliance with the privacy rules set out in the Freedom of Information and Protection of Privacy Act (FIPPA), and
- Analyze and summarize preliminary findings for senior management.
The Privacy Compliance Tool is developed in Excel. An overview of the tool is provided in the supporting presentation.
Download [Presentation  ] [Excel Tool  ]
Note: The Privacy Compliance Tool replaces the MGCS Privacy Impact Assessment Screening Tool.
Comparison
of PIA and TRA Processes
Download this resource [Adobe
Version]
Best
Practices for Managing Personal Information
A Commitment to Privacy
The Ontario Public Service is committed to respecting privacy
and protecting personal information.
This Fact Sheet provides an overview of best practices for
managing personal information. The legal requirements respecting
the collection, use, disclosure and retention of personal
information are found in the Freedom
of Information and Protection of Privacy Act (FIPPA).
Your should contact your are FIPPA Coordinator if you have
questions.
Download this resource [Word
Version  Adobe
Version]
Corporate
Operating Policy on Internet Tracking Technologies
The purpose of this corporate operating policy on internet
tracking technologies is to define mandatory requirements,
provide operational guidance and define responsibilities
concerning tracking technologies on government web sites
and web applications.
Discussion
Paper: Identity Authentication and Authorization in Electronic
Service Delivery - An Ontario
Perspective
This paper outlines how Ontario is implementing its strategy
for identity authentication and authorization in electronic
transactions by:
- describing the fundamental building blocks of an electronic
service transaction - that we have termed the CHAIN OF
TRUST - to facilitate our discussions about service integration;
- illustrating how the Chain of Trust is integrated with
an INFORMATION CLASSIFICATION SCHEMA to identify the levels
of assurance required of each building block of an service
transaction;
- providing examples of how the Chain of Trust has been
applied in some of OUR INITIATIVES in Ontario.
- Lastly, we will discuss NEXT STEPS that we must address
in our individual jurisdictions and collectively to ensure
that authentication and authorization processes continue
to evolve in support of electronic service delivery.
Frequently Asked
Questions
This FAQ is a collection of questions and answers published
in the Access and Privacy Newsletter; a quarterly publication
of the Access and Privacy Office, Ministry of Government
Services.
What Government
Should Know about Privacy: A Foundation Paper
Paper prepared for the Information Technology Executive
Leadership Council's Privacy Conference, June 19, 2001 (Revised
August 1, 2001). This research traces the historical development
of fair information practices arising out of the concerns
of governmental and non-governmental organizations regarding
the computerization of personal data. The paper also provides
a cross-jurisdictional analysis of privacy policy management
tools that have been developed by governmental and non-governmental
organizations, including tools that Ontario has developed.
Freedom of
Information Guideline
The Ontario Government is committed to a continually improving,
effective access to information regime as a corporate priority
of the Ontario Public Service. The purpose of this guideline
is to support that commitment and to promote best management
practices to improve the administration of the Freedom of
Information and Protection of Privacy Act (FIPPA).
Privacy Impact
Assessment Guidelines
The new guidelines for the annual Information and Information
Technology (I&IT) plans submitted to Ministry of Government
Services (MGS) specify that a Privacy Impact Assessment is
required where proposals may affect client privacy. These
Guidelines help ministries identify projects for which a
PIA may be required, and provide a step-by-step process for
completing a Privacy Impact Assessment. (Published December
1999, updated June 2001)
Electronic Service
Delivery Privacy Standard
The objective of the Electronic Service Delivery Privacy
Standard is to ensure that the privacy of Ontarians is protected
as the delivery of Government services is redesigned to increase
the role of private sector partners and as more Government
services are delivered through common, integrated and electronic
channels.
Model Cross-Jurisdictional
Privacy Impact Assessment Guide-Draft
A privacy impact assessment (PIA) is a process that determines
whether new proposals for or modifications to existing applications
for cross-jurisdictional electronic delivery of services
to individuals meet privacy requirements and expectations.
The specific stages in the Guide, along with the questions
it poses, are designed to be modified to fit the nature of
the potential privacy implications and risks associated with
a given project.
Routine
Disclosure/Active Dissemination
A major challenge for government organizations is meeting
the public's growing need for information in a cost effective
fashion. To satisfy this demand and foster open government,
practices have been developed to encourage the routine disclosure/active
dissemination of information. These practices are intended
to provide advice to Freedom of Information and Privacy Co-ordinators
on various options for encouraging greater access to government
held information.
Privacy Design Principles
The use of privacy design principles is one part of a two
part process to ensure that new initiatives meet privacy
protection requirements. Incorporating the privacy design
principles at the beginning of business and I & IT planning
cycles will ensure that, proposals be developed whose business
and systems details conform to privacy objectives. It will
also ensure that I & IT initiatives clearly identify
any circumstances where privacy may be at risk and any specific
design and implementation initiatives that need to be introduced.
Directory
of Records
The Directory of Records is a publication required by the
Freedom of Information and Protection of Privacy Act (FIPPA).
It describes Ontario Government ministries and agencies covered
by FIPPA, the types of records maintained by these institutions
and the telephone number and address of each institution's Freedom
of Information and Protection of Privacy Coordinator.
Directory
of Institutions
The Directory of Institutions is required by statute and
lists all institutions covered by the Freedom of Information
and Protection of Privacy Act (FIPPA) and the Municipal Freedom
of Information and Protection of Privacy Act (MFIPPA). The
directory includes ministries, provincial agencies, municipalities
and local boards. The address of the Freedom of Information
and Privacy Coordinator for each institution is provided
to assist the public in directing access requests to the
appropriate institution.
Freedom of Information
and Protection of Privacy Manual
The purpose of the Manual is to assist ministries and agencies
in complying with and administering the Freedom of Information
and Protection of Privacy Act. The Manual is intended to
serve as a guide in carrying out the requirements of the
legislation and should be used together with the Act and
regulations.
Slides and Presentations
Downloading Instructions
You may need the software below to view these publications.
Adobe
Acrobat Reader
Microsoft
Word Viewer
Microsoft
PowerPoint Viewer 
|
OCIPO 
