November 2025, A Major Shift in Privacy Compliance
If your organization is a provincial government body in Ontario, the rules just changed. As of July 1, 2025, conducting Privacy Impact Assessments (PIAs) isn’t just a best practice anymore, it’s the law.
Who Does This Affect?
This applies to all provincial institutions subject to Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA). That includes:
- Provincial ministries and agencies
- Provincially-funded institutions like universities and colleges
- Hospitals and other healthcare organizations under FIPPA
- Provincial Crown corporations
Municipal institutions under MFIPPA aren’t legally required to do PIAs yet, but the writing’s on the wall. The smart money says: start now anyway.
What Changed?
Ontario passed Bill 194 (the Strengthening Cyber Security and Building Trust in the Public Sector Act), which turned privacy best practices into legal requirements. Here’s what provincial institutions must now do:
Before You Collect Personal Information, You Must:..
How the Liberal and Conservative Parties Have Quietly Colluded to Undermine the Privacy Rights of Canadians
It hasn’t received much attention, but the government and official opposition – ie. the Li…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
