November 2025, A Major Shift in Privacy Compliance
If your organization is a provincial government body in Ontario, the rules just changed. As of July 1, 2025, conducting Privacy Impact Assessments (PIAs) isn’t just a best practice anymore, it’s the law.
Who Does This Affect?
This applies to all provincial institutions subject to Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA). That includes:
- Provincial ministries and agencies
- Provincially-funded institutions like universities and colleges
- Hospitals and other healthcare organizations under FIPPA
- Provincial Crown corporations
Municipal institutions under MFIPPA aren’t legally required to do PIAs yet, but the writing’s on the wall. The smart money says: start now anyway.
What Changed?
Ontario passed Bill 194 (the Strengthening Cyber Security and Building Trust in the Public Sector Act), which turned privacy best practices into legal requirements. Here’s what provincial institutions must now do:
Before You Collect Personal Information, You Must:..
Canada’s Privacy Landscape in 2026: A Gap in Strategy between the “Aspiration of Policy” and the “Reality of Business”
Year-End Evaluation for Business Owners By Derek Lackey, Managing Director, Newport Thomso…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
