Accountability and oversight is set out in the legislation and makes each institution responsible for complying with the provisions of the legislation and establishes that a Responsible Minister has specified duties. This chapter summarizes the roles and responsibilities of the Responsible Minister, MPBSD staff, MPBSD Legal Counsel, and the IPC.

The concepts of an institution, a head of an institution, and how responsibilities can be assigned through a formal Delegation of Authority are explained.

Responsibilities of Coordinators and their staff are discussed in Chapter 3: Coordinator Roles and Responsibilities.

Responsible Minister

FIPPA s. 2, s. 3, s. 31, s. 32, s. 35, s. 39 (2), s. 45 / MFIPPA s. 2, s. 24, s. 29 (2)

The MPBSD Minister is currently the designated minister of the Crown responsible for both FIPPA and MFIPPA. The Responsible Minister is designated by the Lieutenant Governor in Council. The Responsible Minister’s main responsibilities are set out below.

Internal oversight: Promote compliance with the legislation and regulations; and address matters of public interest. The Responsible Minister provides advice to Cabinet and institutions and responds to the IPC’s annual report.

Amend and update the legislation and regulations: Ensure the legislation and regulations are reviewed for effectiveness and accuracy. The Responsible Minister also ensures external and internal stakeholders are consulted as necessary to proposed amendments and updates.

Provide approvals where required by the legislation: Ensure that institutions comply with the legislation and regulations in a consistent manner by reviewing and approving requests from institutions on proposed program initiatives.

Publications: Ensure that publications required to be made available under the legislation are publicly available. For example, the Responsible Minister is responsible for publishing the Directory of Institutions for all institutions covered by FIPPA and MFIPPA and the Directory of Records for Ontario Public Service ministries.

Policy and Legal Support

MPBSD staff and MPBSD Legal Counsel support the Responsible Minister, institutions and Coordinators in carrying out their responsibilities under the legislation. Legal advice can only be provided by Legal Counsel. The primary responsibilities of MPBSD staff and MPBSD Legal Counsel are listed below:

Support the Responsible Minister: Ensure the Responsible Minister meets his or her obligations under the legislation and exercises his or her statutory decision-making responsibilities by preparing briefing notes, speaking notes, correspondence, and media responses.

Amend and update the legislation and regulations: Review the effectiveness and accuracy of the legislation and regulations. They provide policy analysis and research, and coordinate and develop materials to support amendments to the legislation and regulations.

Stakeholder engagement: Address matters of public interest raised by internal and external stakeholders such as institutions, the IPC, and the public. They undertake consultations as necessary, participate in federal-provincial-territorial access and privacy committees, and lead communities of practice for Coordinators, Legal Counsel, policy, and technology professionals.

Advice and policy direction: Support institutions in the administration of the legislation and understanding of relevant policies. They respond to inquiries from institutions and members of the public. They develop policies, guidelines, tools and resources to advance access and privacy.

Education: Share information and resources and provide training to institutions about the legislation and administering the legislation.

Publications: Ensure the Responsible Minister meets his or her obligations to publish the Directory of Institutions and the Directory or Records. They provide direction to institutions and coordinate publication.

Annual report: Review compliance statistics of ministries and undertake special projects to respond to annual report of the IPC.

Information and Privacy Commissioner of Ontario

FIPPA s. 4, s. 5, s. 6, s. 7, s. 8, s. 9

The Commissioner is an Officer of the Legislature and is independent of the executive branch of government. The Commissioner is appointed by the Lieutenant Governor in Council with the approval of the Legislative Assembly. The Commissioner is appointed for a five-year term and is eligible for reappointment.

The legislation sets out requirements for the IPC’s office and staff, but the office establishes its own internal processes and timelines. The IPC’s main responsibilities are:

External oversight: Ensure that government organizations comply with the legislation. They provide advice and comments on proposed government legislation and policies.

Education: Educate the public and institutions about Ontario’s access and privacy laws. They publish a variety of resources for the public, organizations and professionals, and conducts research.

Appeals: Hear and resolve appeals from refusals to provide access to information, develops appeals processes, and issues orders on the decision of the appeal.

Privacy investigations: Investigate privacy complaints made by individuals regarding improper collection, use, or disclosure of their personal information, investigate self-reported privacy breaches, and conduct Commissioner initiated investigations into possible privacy breaches. The IPC can issue public investigation reports with recommendations and can order institutions to destroy personal information that was not collected in accordance with the legislation.

Annual report: Table an annual report in the Legislature which includes information about institutions’ compliance with FIPPA, MFIPPA and PHIPA and recommendations about the practices of specific institutions and proposed revisions to FIPPA, MFIPPA and PHIPA. The annual report is normally published in the spring of each year.

Coverage under the Legislation

The legal term for organizations covered by the legislation is “institution”. Each institution is a separate entity responsible for administering the legislation.

Provincial and municipal institutions are defined differently. Institutions are either defined in the legislation or listed individually under the regulations.

Provincial Institutions

FIPPA s. 2, Reg. 460

FIPPA defines institution as:

  • The Assembly;
  • A ministry of the Government of Ontario;
  • A service provider organization within the meaning of section 17.1 of the Ministry of Government Services Act;
  • A hospital; and
  • Any agency, board, commission, corporation or other body designated as an institution in the regulations.

FIPPA defines educational institutions as:

  • A college of applied arts and technology or a university.

Colleges are listed under the regulation as one entry (“Colleges of Applied Arts and Technology”). Universities are listed individually in the regulations.

FIPPA defines hospitals as:

  • A public hospital within the meaning of the Public Hospitals Act;
  • A community health facility; within meaning of the Oversight of Health Facilities and Devices Act; and
  • The University of Ottawa Heart Institute.

Service Provider Organizations

FIPPA s. 65.1

The Ministry of Government Services Act established entities known as “Service Provider Organizations.”

Service provider organizations are not institutions under the legislation; however the legislation establishes rules for how they must operate when providing a service on behalf of the Government or a public body, including how they manage customer service information and personal information.

Examples of service provider organizations and functions are ServiceOntario in the MPBSD, and government assistance programs under the Ministry of Revenue Act.

Municipal Institutions

MFIPPA s. 2, Reg. 372/91

MFIPPA defines an institution as:

  • A municipality;
  • A school board, municipal service board, city board, transit commission, public library board, board of health, police services board, conservation authority, district social services administration board, local services board, planning board, local roads board, police village or joint committee of management or joint board of management established under the Municipal Act, 2001 or the City of Toronto Act, 2006 or a predecessor of those Acts; and
  • Any agency, board, commission, corporation or other body designated as an institution in the regulations.

Other MFIPPA agencies, boards, commissions, corporations or other bodies not listed in the definition may be considered part of a municipality and fall under the authority of the council of the municipality.

The relationships between organizations and whether an organization is an institution or covered under MFIPPA may not be clear. Issues relating to coverage should be discussed with Legal Counsel.

Listing of Institutions and Regulation Updates

As noted above, institutions are either covered under the legislation by definition or by being listed under regulation. The process for updating the regulations is coordinated by MPBSD staff.

MPBSD staff coordinate with provincial and municipal institutions to ensure that the listing of institutions is up to date. Amendments to the regulations may include:

  • The addition of new institutions;
  • The renaming of institutions or heads of institutions; and
  • The deletion of institutions.

Coordinators should become familiar with institutions under the regulations that are related to their institution. Coordinators should advise MPBSD staff of any changes to the list of institutions.

Exceptions to Coverage

The legislation does not apply to some public sector organizations. These organizations include:

  • Some records of the Legislative Assembly;
  • Constituency Offices; and
  • Courts.

The sections below will provide more information.

Legislative Assembly

FIPPA has limited application to the Legislative Assembly and does not apply to Independent Officers of the Legislative Assembly.

The definition of institution includes the Legislative Assembly, but only in respect to records of expense claims of ministers, opposition leaders and their respective staff under the authority of the Politicians’ Expense Review Act, and in respect to the personal information contained in these records.

As such, FIPPA does not apply to the following offices:

  • Auditor General of Ontario;
  • Environmental Commissioner;
  • Financial Accountability Officer;
  • French Language Services Commissioner;
  • Information and Privacy Commissioner of Ontario;
  • Integrity Commissioner.
  • Ombudsman of Ontario; and
  • Provincial Advocate for Children and Youth;

Member of Provincial Parliament Constituency Offices

The constituency offices of Members of Provincial Parliament (MPP), including ministers, are not covered by FIPPA because they are not part of an institution.

The records of MPPs that relate to ministerial work may be subject to FIPPA.

For example, the policy recommendations related to education reform in the office of the Minister of Education would be subject to FIPPA; however, records related to individual constituents of the same official would not be subject to FIPPA.


The courts and the judiciary are not considered part of any ministry and therefore not included in the definition of institution. The role of the judiciary is set apart from government.

Municipal Councillors’ Records

Generally, the legislation does not apply to the records of municipal councillors that relate to their constituents and their private political activities.

However, records of municipal councillors may be subject to the legislation when:

  • A councillor is acting as an officer or employee of the municipality, or performs a duty assigned by council, such that they might be considered part of the institution; or
  • The records are in the custody or control of the municipality.

Examples of when a municipal councillor may be acting as an officer of the municipality include when a councillor participates on a municipal committee or board or exercises administrative or management functions on behalf of the municipality.

Head of an Institution

The “head” of an institution is the legal term that refers to the official accountable and responsible for:

  • Overseeing the administration of the legislation;
  • Ensuring compliance with the legislation and regulations; and
  • Making decisions regarding the legislation.

While the legislation refers to responsibilities of the head, responsibilities can be carried out by other positions in an institution through a Delegation of Authority discussed below.


The head for Ontario ministries is the minister of the Crown who presides over a ministry.

For institutions that are designated under the regulation, the regulation also indicates the officer designated as the head. The minister responsible for an agency is usually the head. In some cases, a senior executive such as a President or Chair may be designated as the head of an agency, board, or commission.

For public hospitals, the head is defined as the Chair of the Board; and for community health facilities the head is defined as the Superintendent.

For colleges, the head is defined as the Chair of the Board; and for universities, the head is defined as the Executive Head.


Under MFIPPA, the head is the council of a municipality or the board of a local board unless they choose to designate as head an individual or sub-group from among themselves. Examples of designations may include the mayor, a warden, a councillor, a special committee or a board member.

The designation must be in writing and in the case of a municipal council; it should be set out in a by-law.

See Appendix 1 for a sample draft by-law designating a head under MFIPPA. See Appendix 2 for a sample resolution designating a head under MFIPPA.

Delegation of Authority

s. 62 (1) / s.49 (1)

The legislation allows the head of an institution to delegate some or all powers and duties to an officer or officers of an institution or to another institution. This is known as a “Delegation of Authority” (DOA). It is through a DOA that many Coordinator responsibilities are formalized.

A DOA is a legal document and should clearly identify the duties and functions being delegated regarding access and privacy. The responsibility that is usually delegated is decision-making. However, the head of an institution remains accountable for all decisions made and actions taken.

The process for developing a DOA should involve the head of an institution, Legal Counsel, and all delegated decision-makers in order for all parties to fully understand their responsibilities. The DOA should be reviewed regularly and kept up-to-date.

See Appendix 3 for a sample DOA.

Conflict of Interest

The DOA should include alternate decision-makers where there is a possible conflict of interest. A conflict of interest may be real or can reasonably be assumed. A conflict of interest may exist where:

  • A public official knows they have a private interest connected to their public duties, or
  • A public official may be perceived to be making decisions based on a personal or private interest rather than the public interest.

Offences and Liability

FIPPA s. 61, s. 62 / MFIPPA s. 48, s. 49

The legislation includes offences or consequences for intentionally contravening some of its rules.

If an offence is committed, individuals, institutions and employees can be liable for fines up to $5,000.

Offences listed under the legislation include willfully and knowingly:

  • Disclosing personal information in a manner that is not authorized;
  • Maintaining a secret personal information bank that contravenes the legislation;
  • Making a request for access to or correction of personal information under false pretenses;
  • Altering, concealing or destroying a record, or the information contained in the record, with the intent to evade access to information requests;
  • Causing another individual to alter, conceal or destroy a record, or the information contained in a record, with the intent to evade access to information requests;
  • Obstructing the IPC’s performance of its duties; and
  • Misleading the IPC, or failing to comply with an order of the IPC.

A prosecution for an offence under the legislation must commence within two years of discovery of evidence of the offence. The consent of the Attorney General must be sought before a prosecution can occur.

Employees of an institution are protected against civil actions and liabilities when they are acting in good faith.


FIPPA s. 10.1 / MFIPPA s. 4.2

The legislation requires that reasonable measures are developed, documented and put into place in order to preserve the organization’s records in accordance with the recordkeeping rules that apply to the organization. An organization’s rules can be established either by policy, by-law or law.

The records of an institution serve as evidence of government activities and transactions. Managed properly, information provides authoritative and trustworthy evidence and provides proof of government decisions and accountability for those decisions.

Good records management also supports compliance with the legislation.


Appendix 1 Sample Municipal By-law for Appointing a Head under MFIPPA

Appendix 2: Sample Resolution Appointing a Head under MFIPPA

Appendix 3: Sample Delegation of Authority

MPBSD: Recordkeeping Amendments to FIPPA and MFIPPA – Information Sheet

IPC: FIPPA and MFIPPA: Bill 8 – The Recordkeeping Amendments

IPC: MFIPPA and Councillors’ Records

IPC: Improving Access and Privacy with Records and Information Management