Act
Consultation on proposed legislation: Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024
Regulation Number(s):
N/A
Instrument Type:
Act
Bill or Act:
Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024
Summary of Proposal:
**** Feedback is no longer being accepted through the Regulatory Registry - additional feedback may be provided by email to digital.government@ontario.ca ***
The Ministry of Public and Business Service Delivery (MPBSD) is proposing new legislation that would, if passed, strengthen critical digital systems and services, modernize privacy safeguards, and address emerging technological threats for the Ontario Public Service and public sector.
The Ministry is introducing the Enhancing Digital Security and Trust Act, 2024 to set a legislative foundation to:
a) Establish requirements relating to cyber security that will strengthen cyber resilience and maturity across the public sector with clear accountabilities.
b) Set a definition of artificial intelligence (AI) to create consistency across the public sector and establish protections to ensure responsible use of AI systems.
c) Establish rules to prevent misuse of children's data.
d) If approved to proceed, further direction, including proposed regulations, would be developed& in consultation with ministries, public sector organizations, experts, the public, and other interested parties.
The proposed scope of this legislation would include public sector organizations under:
a) Institutions as defined under the Freedom of Information and Protection of Privacy Act (FIPPA), including:
- Ministry of the government of Ontario;
- Hospitals;
- Colleges and Universities; and
- Any agency, board, commission, corporation or other body designated as an institution in the regulation.
b) Boards under the Education Act
c) Societies under the Child, Youth and Family Services Act (CYFSA)
d) Institutions as defined under the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), including:
- Municipalities;
- A school board, municipal service board, city board, transit commission, public library board, board of health, police service board, conservation authority, district social services administration board, local services board, planning board, local roads board, police village or joint committee of management or joint board of management established under the Municipal Act, 2001 or the City of Toronto Act, 2006 or a predecessor of those Acts; and
- Any agency, board, commission, corporation or other body designated as an institution in Regulation 372/91 under MFIPPA.
The Ministry also proposed to amend FIPPA to:
Improve protections to safeguard personal information, modernize the role of the Information and Privacy Commissioner, and enable ServiceOntario to provide personalized, transparent and trustworthy digital service delivery for individuals who "opt in" and provide consent.
Proposed legislative amendments to FIPPA would only impact institutions covered by FIPPA, including ministries of the Government of Ontario and any agency, board, commission, corporation, or other body prescribed by FIPPA regulations.
The Ministry of Public and Business Service Delivery (MPBSD) is proposing new legislation that would, if passed, strengthen critical digital systems and services, modernize privacy safeguards, and address emerging technological threats for the Ontario Public Service and public sector.
The Ministry is introducing the Enhancing Digital Security and Trust Act, 2024 to set a legislative foundation to:
a) Establish requirements relating to cyber security that will strengthen cyber resilience and maturity across the public sector with clear accountabilities.
b) Set a definition of artificial intelligence (AI) to create consistency across the public sector and establish protections to ensure responsible use of AI systems.
c) Establish rules to prevent misuse of children's data.
d) If approved to proceed, further direction, including proposed regulations, would be developed& in consultation with ministries, public sector organizations, experts, the public, and other interested parties.
The proposed scope of this legislation would include public sector organizations under:
a) Institutions as defined under the Freedom of Information and Protection of Privacy Act (FIPPA), including:
- Ministry of the government of Ontario;
- Hospitals;
- Colleges and Universities; and
- Any agency, board, commission, corporation or other body designated as an institution in the regulation.
b) Boards under the Education Act
c) Societies under the Child, Youth and Family Services Act (CYFSA)
d) Institutions as defined under the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), including:
- Municipalities;
- A school board, municipal service board, city board, transit commission, public library board, board of health, police service board, conservation authority, district social services administration board, local services board, planning board, local roads board, police village or joint committee of management or joint board of management established under the Municipal Act, 2001 or the City of Toronto Act, 2006 or a predecessor of those Acts; and
- Any agency, board, commission, corporation or other body designated as an institution in Regulation 372/91 under MFIPPA.
The Ministry also proposed to amend FIPPA to:
Improve protections to safeguard personal information, modernize the role of the Information and Privacy Commissioner, and enable ServiceOntario to provide personalized, transparent and trustworthy digital service delivery for individuals who "opt in" and provide consent.
Proposed legislative amendments to FIPPA would only impact institutions covered by FIPPA, including ministries of the Government of Ontario and any agency, board, commission, corporation, or other body prescribed by FIPPA regulations.
Analysis of Regulatory Impact:
MPBSD anticipates that the proposal would not introduce substantial financial costs as similar privacy-specific corporate requirements already exist for ministries and provincial agencies, including reporting privacy breaches and conducting Privacy Impact Assessments (PIAs).
The financial impact of modernized compliance authorities and tools including mandatory privacy breach reporting, receiving complaints, conducting investigations, and ensuring compliance from specified public sector organizations would be analyzed in detail should the proposal receive support to proceed. As needed, public sector organizations would work with their relevant ministry to determine any costs.
The financial impact of modernized compliance authorities and tools including mandatory privacy breach reporting, receiving complaints, conducting investigations, and ensuring compliance from specified public sector organizations would be analyzed in detail should the proposal receive support to proceed. As needed, public sector organizations would work with their relevant ministry to determine any costs.
Further Information:
Bill 194, Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024
Proposal Number:
24-MPBSD006
Posting Date:
May 13, 2024
Comments Due Date:
June 11, 2024
Contact Address:
595 Bay St, Toronto, ON, M5G 2C2
Proposal Status:
.