TLDR:
- The Ontario government introduced Bill 194: the Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024 to enhance digital security and establish trust in public sector institutions.
- The proposed legislation includes regulations on cyber security, AI governance, and the management of digital information concerning minors.
On May 13, 2024, the Ontario government introduced the Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024. The proposed legislation aims to enhance digital security and establish trust in public sector institutions, including entities covered under the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act. The legislation includes provisions for cyber security regulations, AI governance, and the protection of minors’ digital information.
Schedule 1 of the proposed legislation introduces the Enhancing Digital Security and Trust Act, 2024, which includes cybersecurity standards, an AI governance framework, and restrictions on processing personal information about minors. The legislation empowers the Lieutenant Governor in Council to establish sector-specific cyber security regulations and sets out requirements for public entities using AI systems.
Additionally, Schedule 2 proposes amendments to the Freedom of Information and Protection of Privacy Act, mandating privacy impact assessments, breach reporting, and enhancing the oversight powers of the Information and Privacy Commissioner of Ontario. The legislation also introduces protections for whistleblowers reporting non-compliance with FIPPA obligations.
The proposed legislation will impact public sector entities and their private sector partners, with potential changes to the regulatory landscape concerning the processing of personal information. Stakeholders have until June 11, 2024, to provide feedback on the legislation, which aims to ensure compliance and effectiveness in data protection strategies.