Ontario Privacy Rights Explained: What’s Protected and How to Use Them
Privacy protection in Ontario isn’t governed by a single law. Your rights depend on who holds your information—a provincial ministry, municipality, hospital, or private business—and what type of data is involved, such as general personal information or health records.
What information is protected?
In the public sector, “personal information” includes any identifiable data about you, such as your name combined with other details, contact information, age, education or employment history, and financial identifiers held by government institutions. In healthcare, “personal health information” covers data linked to your physical or mental health, including diagnoses, lab results, treatment notes, and records maintained by hospitals, clinics, and other health custodians.
Your core privacy rights
Ontario law gives you three fundamental rights. First, the right to access—you can request copies of your personal or health information from covered institutions. Second, the right to correct—if records about you are inaccurate or incomplete, you can ask for corrections. Third, the right to complain—if your information is mishandled or your access request is denied, you can file a complaint with the Information and Privacy Commissioner of Ontario (IPC).
Key laws that protect you
-
FIPPA applies to provincial ministries and agencies.
-
MFIPPA covers municipalities and local public bodies.
-
PHIPA governs personal health information.
-
PIPEDA applies to many private-sector businesses engaged in commercial activities.
Using your rights in practice
Public-sector access requests typically involve a formal FOI process and a small application fee. Health records are requested directly from the provider. Complaints can be filed with the IPC or, for private companies, the federal privacy regulator.
Bottom line: identify the right law, then confidently access, correct, or challenge how your data is handled.
