On October 16, 2020, HALCO made a submission in response to the Ministry of Government and Consumer Services’ (the “Ministry”) consultation on the strengthening of privacy protections in Ontario.
People living with HIV continue to face discrimination, social exclusion, and violence. It is therefore vital that Ontarians living with HIV have access to robust and meaningful privacy protections to prevent privacy breaches in relation to their HIV status, and access to adequate and responsive remedies when privacy breaches do occur.
Though HALCO supports the eight privacy protecting measures set out in the Ministry’s Discussion Paper, HALCO has addressed, for its submission, the three proposed measures most relevant to our mandate as a legal clinic that works with people living with HIV:
- Introducing a “right to be forgotten”: People living with HIV who experience privacy breaches in relation to their HIV status often cannot access adequate remedies to minimize the potentially devastating consequences of such privacy breaches. This remedial gap typically manifests because of online disclosure of the person’s HIV status (through online media coverage and/or search engine results). HALCO recommends the adoption of the mechanisms of “source-takedown” (meaning requiring the publisher to remove the material) and “de-indexing” (meaning requiring online search engines to no longer show results related to certain information in some circumstances).
- Increase enforcement powers for the Information and Privacy Commissioner (the “IPC”) to ensure businesses comply with the law, including the ability to impose penalties: Granting the IPC increased enforcement powers, including the ability to impose penalties, is likely to create a deterrent effect which could motivate private and public entities to take proactive steps to prevent privacy breaches from occurring.
- Expanding the scope of the law to include commercial and non-commercial organizations: Ontario’s present legislative privacy regime applies only to public institutions and health information custodians. Commercial and non-commercial entities also, however, frequently commit privacy breaches. HALCO submits that Ontario’s privacy laws must be expanded to apply to such entities.