What's Happening?
Bill 97, known as the Plan to Protect Ontario Act, has been passed into law, introducing major amendments to the Freedom of Information and Protection of Privacy Act (FIPPA) and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA).
These changes aim to improve operational efficiency in handling access requests and modernize the privacy framework for institutions subject to these acts. Notably, the timeline for responding to access requests has been extended, and new provisions for staged access plans have been introduced. The amendments also expand the powers of the Information Privacy Commissioner and introduce mandatory data breach safeguards.
Why It's Important?
The passage of Bill 97 represents a significant shift in privacy legislation, affecting how public sector institutions in Ontario manage personal information. By extending response timelines and allowing staged access plans, the bill aims to balance operational demands with transparency. The expanded powers of the Information Privacy Commissioner and the introduction of mandatory data breach safeguards highlight a growing emphasis on data protection and accountability. These changes could influence similar legislative efforts in other jurisdictions, potentially impacting how privacy and information access are managed across Canada and beyond.
What's Next?
Institutions affected by Bill 97 will need to update their policies and procedures to comply with the new requirements by the time the amendments take effect on July 1, 2026. This may involve conducting privacy impact assessments and implementing new data breach reporting protocols. As these changes are implemented, there may be increased scrutiny on how institutions handle personal information, potentially leading to further legislative refinements or challenges. Stakeholders, including public sector employers and privacy advocates, will likely monitor the impact of these changes closely.
