Regulation - LGIC

Disclosure for Planning and Managing Services - Requirements for Non-Prescribed Entities or Persons on the Use, Security, Disclosure, Return or Disposal of Information under Part X (Personal Information) of the Child, Youth & Family Services Act, 2017 (CYFSA)

Regulation Number(s):
Instrument Type:
Regulation - LGIC
Bill or Act:
Child, Youth and Family Services Act, 2017
Summary of Decision:
Regulation in force on January 1, 2020.

Further Information:
Proposal Number:
Posting Date:
December 4, 2017
Summary of Proposal:
Overview of Part X:
The CYFSA received Royal Assent on June 1, 2017. Part X of the Act establishes a new personal information privacy framework for the sector which includes new:
•Rules for the collection, use, and disclosure of clients' personal information by service providers under the Act.
•Rights for children, youth and family members to access and correct their personal information held by those service providers.
•Ministry authority to collect data and information, including personal information from clients and service providers, for purposes such as monitoring and oversight, research, evaluation and system planning.
MCYS funds and/or licenses a variety of service providers to provide services across the child and youth sector. Some of these service providers are governed by the Freedom of Information and Protection of Privacy Act (FIPPA), the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), or the Personal Health Information Protection Act (PHIPA). However, many MCYS-funded service providers are currently not governed by any legislation that sets rules for the handling or sharing of personal information (e.g. Children's Aid Societies). Part X fills the 'legislative gap' in the child and youth service sector by providing consistent protections and rights for children, youth, and families related to their personal information.

Policy Intent in Legislation:
Section 293 (2) of the Act establishes authorities for service providers to disclose PI to Non-PEs (i.e. First Nations, Inuit or Métis entities/ persons) subject to certain requirements and restrictions for the purpose of planning and managing services.
Section 293 (2) aims to:
•Improve use of and access to high quality data for planning and service management by service providers allowing for the monitoring of outcomes for children, youth and families who access Ministry funded services.
•Address Indigenous partner feedback indicating their wish for increased control over their data, as well as building capacity within their communities to use data for service planning.
•Address the need to build agile systems that can respond to evolving data needs for future service planning.
•Protect the privacy of PI by prescribing requirements and restrictions related to the disclosure of PI.

Policy Intent of Regulation:
The regulation outlines requirements and restrictions that a Non-PE has to comply with related to the use, security, disclosure, return or disposal of PI that a service provider discloses to a Non-PE. A Non-PE is intended to be a First Nations, Inuit or Métis entity or person
Contact Address:
Ministry of Children and Youth Services
56 Wellesley St West, 15th Floor
Toronto, ON M5S 2S3
Effective Date:
January 1, 2020