Regulation - LGIC

Exceptions to Disclosure of Personal Information for Planning and Managing Services under Part X (Personal Information) of the Child, Youth & Family Services Act, 2017 (CYFSA)

Regulation Number(s):
N/A
Bill or Act:
Child, Youth and Family Services Act, 2017.
Summary of Proposal:
Overview of Part X:
The CYFSA received Royal Assent on June 1, 2017. Part X of the Act establishes a new personal information privacy framework for the sector which includes new:
•Rules for the collection, use, and disclosure of clients' personal information by service providers under the Act.
•Rights for children, youth and family members to access and correct their personal information held by those service providers.
•Ministry authority to collect data and information, including personal information from clients and service providers, for purposes such as monitoring and oversight, research, evaluation and system planning.
MCYS funds and/or licenses a variety of service providers to provide services across the child and youth sector. Some of these service providers are governed by the Freedom of Information and Protection of Privacy Act (FIPPA), the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), or the Personal Health Information Protection Act (PHIPA). However, many MCYS-funded service providers are currently not governed by any legislation that sets rules for the handling or sharing of personal information (e.g. Children's Aid Societies). Part X fills the 'legislative gap' in the child and youth service sector by providing consistent protections and rights for children, youth, and families related to their personal information.
The data collection authorities included in Part X will enhance the ability of the ministry to use data about its clients to make evidence-based decisions about its programs and services while protecting the privacy and confidentiality of that data.

Policy Intent in Legislation:
Section 293 of Bill 89 establishes authorities for service providers to disclose PI to PEs and Non-PEs (i.e. First Nations, Inuit or Métis entities/persons) subject to certain requirements and restrictions for the purpose of planning and managing services.
Section 293 aims to:
•Improve use and access to high quality data for planning and service management allowing for the monitoring of outcomes for children, youth and families who access Ministry funded services.
•Leverage the role, capacity and expertise of PEs to support the planning for and management of services.
•Address Indigenous partner feedback indicating their wish for increased control over their data and increased capacity within their communities to use data for service planning.
•Address the need to build agile systems that can respond to evolving data needs for future service planning.
•Protect PI and its confidentiality by prescribing requirements and restrictions related to the disclosure of personal information.
The Act stipulates that the regulations will outline restrictions on information or circumstances in which certain information could not be disclosed to a PE and non-PE.

Policy Intent of Regulation:
The regulation names specific PI that service providers are not authorized to disclose to PEs and non-PEs for system/service planning and management purposes.
Intent is to respect special protections (e.g. counselling records as included in PHIPA).
Further Information:
Proposal Number:
17-CYS003
Posting Date:
December 4, 2017
Comments Due Date:
January 26, 2018
Contact Address:
Ministry of Children and Youth Services 56 Wellesley St West, 15th Floor
Toronto, ON M5S 2S3