Ontario Updating Cyber Security and Privacy Framework to Strengthen Data Protection
Ontario Cyber Security Privacy Framework Update Aims to Strengthen Data Protection and Modernize FOI Rules
The proposed changes were announced March 13 by the Ministry of Public and Business Service Delivery and Procurement. According to the province, the updates are intended to modernize Ontario’s nearly 40-year-old privacy and information-access framework to reflect the realities of today’s digital environment.
“After nearly 40 years, we are modernizing Ontario’s privacy protections and bringing the province’s technology practices into the 21st century,” said Stephen Crawford, Minister of Public and Business Service Delivery and Procurement. “These updates will strengthen cyber security, protect cabinet confidentiality and ensure responsible modern governance.”
Modernizing a Decades-Old Framework
Ontario’s current access and privacy framework was introduced in 1988, long before the widespread use of email, mobile devices and cloud-based digital systems.
Provincial officials say the outdated system creates privacy risks for both government and the public and does not reflect modern technology practices. While many Canadian jurisdictions have updated their legislation to address digital-era privacy challenges, Ontario’s framework has remained largely unchanged for nearly four decades.
The government says the proposed reforms will strengthen cyber security rules, update access-to-information processes and reduce administrative barriers while protecting sensitive data.
Changes to Freedom of Information Rules
One of the most significant changes proposed involves updates to Ontario’s Freedom of Information framework.
The government plans to exclude the records of the premier, cabinet ministers, parliamentary assistants and their offices from the Freedom of Information and Protection of Privacy Act (FIPPA).
Officials say the change would bring Ontario more in line with other jurisdictions in Canada, where cabinet-level political records are typically protected to ensure confidential decision-making.
However, the government says existing transparency requirements for government decision-making will remain in place, including access to records that document directions given by ministers to the public service.
Additional FOI changes include:
-
Extending standard response timelines to 45 business days
-
Releasing large requests in stages to provide information more quickly
-
Requiring institutions to assist requesters when submissions lack sufficient detail
-
Updating terminology and processes to reflect modern information systems
Expanded Cyber Security Requirements
Alongside FOI updates, Ontario plans to strengthen cyber security requirements across the broader public sector.
Under the proposal, organizations such as hospitals, school boards, children’s aid societies and post-secondary institutions would be required to adopt mandatory cyber security practices to protect sensitive data.
Other key measures include:
-
Mandatory cyber maturity assessments every two years
-
Requirements to report major cyber incidents
-
Designating a single point of contact during cyber security events
-
New rules requiring school boards to notify parents when students’ personal information is shared with third-party software providers
The province says these steps will improve its ability to detect and respond to cyber threats while strengthening protection of personal data.
Improving Government Digital Operations
The proposed reforms also include operational changes designed to improve digital government services.
For example, employee email accounts and related information could move between ministries when public sector employees change positions, helping reduce disruption and allowing staff to transition more quickly into new roles.
According to the government, the updates will support a more secure and efficient digital framework while improving information sharing across ministries.
Broader Digital Governance Efforts
The changes build on a series of recent provincial initiatives aimed at modernizing government data practices.
In recent years Ontario has expanded its Open Data Catalogue, strengthened oversight of government spending through the Auditor General and Financial Accountability Office, and introduced new rules in 2024 governing the responsible use of artificial intelligence in government.
The government says the latest reforms will help create a digital framework that reflects how modern governments operate while protecting personal privacy and sensitive public information.
For more updates on Ontario government policy, digital security and provincial legislation, visit GTA Today and follow us on social media.
