On May 13, 2024 the Minister of Public and Business Service Delivery, the Hon. Todd McCarthy introduced Bill 194, Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024. The proposed legislation enacts the Enhancing Digital Security and Trust Act (EDSTA) and amends the Freedom of Information and Protection of Privacy Act (FIPPA). The EDSTA intends to provide a framework to address cyber security, artificial intelligence (AI) systems while supporting digital service delivery of public sector entities, including municipalities. Meanwhile, FIPPA amendments better prevent and respond to privacy breaches of respective institutions.
As digital services expand and citizen expectations continue to evolve, a key focus of AMCTO advocacy has been for municipal administrators to have the right legislative tools and guidance to manage risk, security and other impacts of technology on service delivery. We are pleased to see the Province respond to our calls and take a step in the right direction.
If passed, the Bill will:
- establish Lieutenant Governor in Council (LGIC) and Minister authority to make regulations and requirements for cybersecurity programs, reporting, and standards among other areas; and
- define AI and rules for ‘transparent, accountable and ethical’ use such as informing the public about the use of AI, developing and implementing an accountability framework and related risk-management.
The EDSTA also seeks to protect children’s personal information, however such provisions will only apply to entities such as school boards and children’s aid societies.
The Bill further aims to enhance and modernize privacy protection through FIPPA amendments that:
- increase the Information and Privacy Commissioner of Ontario’s (IPC) authority over privacy compliance investigations, conducting reviews of information practices and issuing compliance orders;
- introduce new data breach notification and reporting requirements;
- require privacy impact assessments and safeguards to protect personal information;
- establish a provision related to whistleblowing; and
- offer a “tell us once” option rather than restating information when accessing digital services.
The Bill has been ordered for second reading before proceeding to referral to a standing committee, during which there will be an opportunity for public presentations and written submissions for feedback on the bill.
The legislation comes alongside a regulatory registry posting. The Consultation on proposed legislation: Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024 is open for comment until June 11, 2024. We are currently reviewing the bill and may potentially be commenting. If you have concerns or comments about the bill, please contact us by June 1, 2024.
When it comes to modernizing legislation and regulations that affect the municipal sector, we have often highlighted the importance of collaborating with the Province and regulators such as the IPC. One example is through our Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) submission and related member toolkit. Since its launch we continue to receive municipal council resolutions in support of such legislative changes - if your municipality has developed a council resolution, we encourage you to let us know if you have not done so already.
Submit your MFIPPA Council Resolution
We look forward to continuing to work together to address modernization challenges and leverage opportunities for municipalities in this area.