Close Alert Banner
Close Old Browser Notification
Browser Compatibility Notification
It appears you are trying to access this site using an outdated browser. As a result, parts of the site may not function properly for you. We recommend updating your browser to its most recent version at your earliest convenience.
Skip to Content
Region of Durham Logo
Contact Us
Engage
  • Living Here
    • 211 – Connect with local community services
    • 311 – Connecting you to our services
    • A to Z Services
    • Accessibility
    • Age-Friendly Durham
    • Animal Services and Control
    • Child Care and Early Years
    • Climate, Energy and Resilience
    • Conservation Authorities
    • Counselling
    • Crime Prevention and Public Safety
    • Durham Employment Services
    • Education and Schools
    • Emergency Preparedness
    • Emergency Services
    • Emergency Social Services
    • Garbage and Recycling
    • Housing and Homelessness
    • Libraries
    • View More...
    View our Garbage and Recycling page

    Garbage and Recycling

    View our My Property page

    My Property

    View our Roads and Traffic page

    Roads and Traffic

  • Discovering Durham
    • About Durham Region
    • Arts and Culture
    • Bike Month
    • Cycling and Walking
    • E-mobility
    • Local Food and Farmers' Markets
    • Maps
    • New to Durham Region
    • Parks, Trails and Conservation Areas
    • Spectator Sports
    • Sport Tourism
    • Sports and Recreation
    • Tourism
    • Tourism Festival and Events Calendar
    • Transportation and Transit
    View our Tourism page

    Tourism

    View our Tourism Festival and Events calendar

    Tourism Festival and Events Calendar

    View our Transportation and Transit page

    Transportation and Transit

  • Doing Business
    • Applications, Licences and Permits
    • As-Built Drawing Request
    • Bid Opportunities
    • Business Directory
    • Business Count
    • Community Social Investment Program
    • Construction and Your Business
    • Construction Liens
    • Design and Construction Specifications
    • Economic Development
    • Events
    • Funding Resources
    • Garbage and Recycling Collection on Private Property
    • Housing
    • Municipal Consent
    • Operating a Child Care Centre
    • Planning and Development
    • Public Health and Your Business
    • Purchasing
    • View More...
    View our Agriculture page

    Agriculture

    View our Business Directory page

    Business Directory

    View our Purchasing page

    Purchasing

  • Health and Wellness
    • Alcohol, Cannabis, Drugs and Smoking
    • Babies and Toddlers
    • Child Health and School-Age Children
    • Clinics and Classes Calendar
    • COVID-19
    • Domestic Violence
    • Dental and Oral Health
    • Environment and Your Health
    • Food and Eating
    • Health Care Professionals
    • Health Check-Up! Reports and Health Plans
    • Health Information Services
    • Healthy Living
    • Illness, Infection and Disease
    • Immunizations and Vaccines
    • Injury Prevention and Safety
    • Mental Health
    • Pregnancy
    • Public Health Inspections and Investigations
    • View More...
    View our Health Care Professionals page

    Health Care Professionals

    Launch the Durham Region Respiratory Virus Data Tracker

    Respiratory Virus Data Tracker

    Report Immunizations Online

    Report Immunizations Online

  • Regional Government
    • A to Z Services
    • Access to Information
    • Accountability and Transparency
    • Advocacy Priorities
    • Awards
    • Budget and Financial
    • By-Laws
    • Careers and Volunteering
    • CityStudio Durham
    • Community Engagement
    • Community Safety and Well-Being Plan
    • Contact Us
    • Court and Traffic Tickets (Provincial Offences)
    • Departments
    • Diversity, Equity and Inclusion
    • Durham Region 101
    • Durham Region Strategic Plan
    • Durham Works
    • Innovation
    • View More...
    View our Council page

    Council

    View our Open Data page

    Open Data

    View our Regional Services map

    Regional Services

I'd Like To...

Apply or Register For

  • Applications, Licences and Permits
  • Bidding Opportunities
  • Careers and Volunteering
  • Freedom of Information Request
  • Housing

Learn About

  • A to Z Services
  • Being New to Durham Region
  • Budget
  • By-Laws
  • Council
  • Durham Region Transit
  • Public Health Inspections

Report an Issue

  • By-Law Infraction
  • Downed Sign
  • Health Protection Complaint
  • Illegal Dumping
  • Missed Garbage or Recycling Pickup
View our X Page View our Facebook Page View our YouTube Page view our LinkedIn page
Data Privacy Week banner

Data Privacy Week

Decrease text size Default text size Increase text size
Print this page
Share this page
  • Facebook
  • LinkedIn
  • Twitter
  • Email

Welcome to Data Privacy Week 2025! From January 27 to 31, the Region of Durham is celebrating the importance of privacy. This year’s theme, 'Privacy starts with us', reminds us that privacy begins with the daily choices we make. Whether you're an individual or a business, we all play a key role in protecting personal information. Throughout the week, you’ll find resources and tips to safeguard your privacy and the personal information you handle. You’ll also learn how the Region collects, manages and protects your personal information.

What is Data Privacy Week?
Data Privacy Week, also recognized as Data Privacy Day on January 28, is an annual event that focuses on raising awareness about the importance of protecting personal information. It encourages individuals and organizations to take action to keep sensitive data safe and follow good privacy practices.
What is privacy and why it matters

Data privacy means having control over your personal information—what’s collected, how it’s used, and who can access it. It’s important because it allows you to decide how your personal details are shared and ensures your information isn’t misused in ways that could harm you. Protecting your privacy helps you stay in charge and prevents others from using your personal information for unwanted purposes, like targeted ads or identity theft.

 What is personal or personal health information?

Personal information is anything that can identify you, either on its own or when combined with other details. What counts as personal information depends on whether it can easily identify you in a given situation. Here are some examples:

  • Identifying details: Your name, address, gender, age, education, Social Insurance Number, fingerprints, blood type, and other unique identifiers.
  • Personal history: Medical records, mental health history, criminal records, or work history.
  • Financial information: Details about your transactions or bank accounts.
  • Opinions: Your personal views or opinions, unless they involve someone else.

Personal health information is any identifying information about you that: 

  • Relates to your physical or mental health, including your family health history.
  • Involves the health care you receive or who is providing it.
  • Is part of your long-term care plan.
  • Relates to paying for or qualifying for health care.
  • Involves donating body parts or substances, or comes from testing them.
  • Includes your health number.
  • Identifies your health care provider or your substitute decision-maker.
 Privacy vs. security

Privacy and security are closely related but are not the same. Privacy focuses on how personal information is handled—ensuring it’s collected, shared and used responsibly and transparently. For organizations like the Region, this means collecting personal information only when necessary and using it only for its intended purpose.

Security, on the other hand, is about protecting information from threats like cyberattacks, hacking, or unauthorized access. While security is crucial for keeping information safe, it doesn’t address privacy concerns, such as who can access the information or how it’s being used. Both are important, but they have different roles in ensuring personal information is both protected and respected.
 The risks of ignoring privacy

Ignoring privacy can lead to serious problems for both individuals and organizations. For individuals, not protecting privacy can result in identity theft, financial fraud, and the exposure of sensitive information, leading to financial loss and stress. In today’s digital world, many people unknowingly share too much personal information through social media, online shopping, or signing up for free services. This information can be misused by malicious actors, putting personal safety and reputation at risk. Without careful attention to privacy, personal information can be exposed to unintended audiences, causing lasting harm.

For organizations, failing to protect privacy can have major consequences, including expensive fines and legal trouble, especially as privacy laws get stricter. It can also damage an organization’s reputation, leading to the loss of customers' trust. In today’s world, ignoring privacy isn’t just risky—it can lead to significant personal and business setbacks.
Activities & Swag
Activities & Swag
Stop by our booth on the first floor of Regional Headquarters this week! We’ve got a variety of helpful resources, exciting swag, and fun activities waiting for you.
Quick Links
Quick Links

What is Privacy?
Privacy at the Region
Privacy Tips and Resources
Upcoming Events

Privacy Offices
Privacy Offices

The Region has two privacy offices: the Access and Privacy Office for the Region and a separate Privacy Office for the Health Department. Feel free to reach out to us!

Privacy at the Region

At the Region, your privacy is important to us. We only collect your personal information when it’s necessary to provide you with the services you need, like water billing, social services, or healthcare. When we do collect your information, we follow strict privacy laws to protect it. These laws are the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and the Personal Health Information Protection Act (PHIPA). To learn more about these laws, including when they apply, the rules they set and your rights under them, please click on the folder below.

In addition to following these laws, the Region is committed to maintaining the highest privacy standards. We achieve this by implementing strong internal policies, procedures and best practices, along with providing ongoing guidance to staff on how to responsibly collect, use, share, and protect personal information across the Region. To learn more about the Region's Privacy Offices, please click on the folder below.

 Privacy laws: MFIPPA and PHIPA

Across Canada, there are many privacy laws, but most government organizations only need to follow a few. For the Region, we have two specific privacy laws that apply to us, and which one applies depends on the type of information. Here's a breakdown:

  • Municipal Freedom of Information and Protection of Privacy Act covers all information the Region collects.
  • Personal Health Information Protection Act applies specifically to personal health information held by the Health Department and the Long-Term Care and Services for Seniors Division within the Social Services Department.

Although these laws set different rules, they both make sure that personal or personal health information is collected, used, shared, and protected in a responsible way. They also give you the right to access your own information from us. Click on the specific laws below to learn more about them.

Municipal Freedom of Information and Protection of Privacy Act

What is MFIPPA and who does it apply to?

The Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) is a law that protects your privacy and gives you the right to access information. It applies to all municipal government organizations in Ontario, including the Region of Durham, as well as our eight local municipalities (like Oshawa, Whitby, Ajax, etc.). MFIPPA covers all the information we hold, unless it's specifically excluded by the Act.

What rules does MFIPPA set for the Region?

  • Collection: We can only collect personal information when it's authorized by law, necessary for law enforcement, or required for carrying out a lawful activity. Typically, personal information must be collected directly from you and when we collect your information, we must provide you a notice of collection that explains the purpose of the collection, and who to contact with questions.

  • Use or sharing: We can only use or share your personal information for the purpose it was collected, or for a purpose you’ve agreed to. We can also share it if required by law, or with staff or contractors who need it to do their job. If we need to share your information with others, such as law enforcement or other agencies, we can do so in specific situations like legal requirements, public safety, or with your consent.

  • Accuracy: We required to take reasonable steps to ensure that the personal information we hold is accurate, complete, and up to date. We must verify and update your information as necessary to make sure it is correct before using it.

  • Retention: We will keep your personal information only for as long as necessary. Generally, we must keep it for at least one year, unless other laws or regional policies require a different timeframe, to give you the opportunity to request it.

  • Protecting your information: We are required to take appropriate security measures to protect your personal information from unauthorized access, use, or disclosure. Only individuals who need access for their work will be able to view your information, and we must ensure it is protected from accidental loss or damage.

What are my privacy rights under MFIPPA?

  • You have the right to access the information the Region holds about you, with some exceptions.
  • You can also ask for corrections to your personal information if you believe it’s incorrect or incomplete.

Where can I go if I have a privacy concern?

If you have concerns about how your personal information is being handled, or if you want to make a complaint, you can contact the Region’s Access and Privacy Office. If the issue isn’t resolved to your satisfaction, you can contact the Ontario Information and Privacy Commissioner, an independent office that ensures compliance with MFIPPA.
Personal Health Information Protection Act

What is PHIPA and who does it apply to?

The Personal Health Information Protection Act (PHIPA) is a law that protects your health privacy and gives you the right to access your own personal health information. It applies to a broad range of organizations like long-term care homes, paramedic services, and hospitals, and applies to personal health information only. At the Region, PHIPA only applies to two specific groups: 

  1. The Health Department 
  2. The Long-Term Care and Services for Seniors Division in the Social Services Departments

What is personal health information? 

Personal health information includes any written or verbal information about you that:

  • Relate to your physical or mental health, including your family health history.
  • Involve the health care you receive or who is providing it.
  • Are part of your long-term care plan.
  • Relate to paying for or qualifying for health care.
  • Involve donating body parts or substances, or come from testing them.
  • Include your health number.
  • Identify your substitute decision-maker.

What rules does PHIPA set for the Region?

  • Consent: We can collect, use, or share PHI only if you consent, or if it is required or allowed by law. 
  • Collection: We collect PHI directly from you, except in specific situations where indirect collection is necessary, such as with your consent or for healthcare when direct collection is not possible. 
  • Use: Generally, we will only use your PHI for the purpose it was collected, or for a purpose you have agreed to. Additionally, we may use it for other reasons, such as legal requirements, service improvements, or risk management. 
  • Sharing: Generally, we will only share your PHI for the purpose it was collected, or for a purpose you’ve agreed to. We may also share it for healthcare, funding, public health, research, quality improvement, legal proceedings, and system planning. 
  • Data minimization: We can only collect, use, or share the minimum amount of your PHI required to fulfill the purpose. 
  • Accuracy: We are required to take reasonable measures to ensure that confidential information is accurate, complete, and up to date for the purpose for which it is being used. 
  • Retention: We retain confidential information in accordance with the Region’s Corporate Classification Scheme and Divisional policies and procedures. 
  • Protecting your information: We are required to place appropriate safeguards to protect any confidential information from unauthorized access, use, or disclosure.

What are my privacy rights under PHIPA?

  • You have the right to access the personal health information that the Region holds about you, with some exceptions.
  • You can request corrections to your personal health information if you believe it is inaccurate or incomplete.
  • You have control over how your personal health information is used and shared, including the ability to withhold or withdraw consent for its collection, use, or disclosure, and provide specific instructions to limit access. We are required to respect your decisions unless disclosure is necessary for emergencies, public safety, or as otherwise permitted by law. This is often referred to as the "lock-box" provision.

Where can I go if I have a privacy concern?

If you have concerns about how your personal health information is being handled, or if you want to make a complaint, you can contact the Region’s Access and Privacy Office or the Health Department's Privacy Office. If the issue isn’t resolved to your satisfaction, you can contact the Ontario Information and Privacy Commissioner, an independent office that ensures compliance with PHIPA.
 Regional Privacy Offices

The Region has two dedicated privacy offices to help ensure the protection of your personal information. The Access and Privacy Office serves the entire Region, while the Health Department's Privacy Office specifically handles privacy matters for their department. Both offices are here to assist with any questions or concerns about how your personal or personal health information is collected, used, shared, or protected. Click on our offices below to learn more about us!

 Access and Privacy Office

The Access and Privacy Office is dedicated to safeguarding your personal information in accordance with the highest standards of privacy protection. Operating under the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and the Personal Health Information Protection Act (PHIPA), we ensure that your information is handled responsibly and securely. Led by our Corporate Privacy Officer and supported by a team of Privacy Analysts, our office is committed to upholding your privacy right and fostering public trust.

Here’s how we help:

  • Expert privacy advice: We provide guidance and recommendations to all departments to help them stay on top of privacy laws and keep your information safe.
  • Freedom of information requests: Got a question about access to public records? We manage requests and make sure your privacy is always respected.
  • Policy making & updates: We review and create new policies, procedures, and guidelines to keep privacy protection up to date.
  • Privacy training & awareness: We train regional staff to make sure everyone knows how to protect your privacy with the latest best practices.
  • Privacy impact assessments: Before new projects or initiatives launch at the Region, we assess any potential privacy risks to ensure everything is handled responsibly.
  • Investigating breaches & complaints: If there’s ever a concern or privacy breach, we investigate it and provide advice on the best way forward to protect your information.

We are here to ensure that your personal information is managed with the utmost care and in full compliance with our privacy laws. If you have any questions or concerns, please reach out—we are here to help!

Connect with us by phone, email or mail:

Access and Privacy Office
Phone: 905-668-4113, ext. 2050
Email: privacy@durham.ca
Mail: 605 Rossland Road East Whitby, Ontario Canada L1N 6A3
 Health Department's Privacy Office

Dr. Kyle is the Health Information Custodian in accordance with the Personal Health Information Protection Act. The Health Department's Privacy and Information Security program is supported by the Manager, Health Information, Privacy and Security and two Privacy Analysts. Together we ensure the overall development, implementation and on-going maintenance of the Health Department’s Privacy and Information Security Program. 

Our team provides a range of services, including:

  • Offering privacy advice, guidance, and recommendations to Health Department staff.
  • Reviewing and updating existing privacy and information security policies and procedures, and supporting the development and implementation of new ones.
  • Creating and delivering privacy and information security training and awareness programs.
  • Conducting privacy impact assessments and addressing recommendations to improve privacy practices.
  • Assisting both department staff and the public with inquiries regarding information requests under the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and the Personal Health Information Protection Act (PHIPA).
  • Investigating health privacy incidents and breaches, and implementing corrective measures to prevent recurrence.

Privacy tips and helpful resources

In today’s digital world, privacy is crucial for both individuals and businesses. Whether you're safeguarding your own personal information or ensuring compliance with privacy laws, taking proactive steps is essential to protect personal information from misuse. Below are key privacy tips and resources to help you manage and secure personal and organizational information responsibly.

 Tips for individuals

Your privacy is essential, and you play a key role in safeguarding it. Here are some practical tips to help protect your personal information:

  • Value your information: Treat your personal details like an asset—only share what's necessary. Be aware of your rights around consent, access, and how your information is used.

  • Verify who you're sharing with: Always ensure the person or organization you're sharing information with is trustworthy. Be cautious of scams and phishing attempts—double-check before sharing any personal details.

  • Read privacy policies: Take the time to understand how your personal information will be used by reading privacy policies. Only share your information if you're comfortable with their practices and how your data will be handled.

  • Update privacy settings: Regularly review and update your privacy settings on websites and apps. Control what personal information you share, such as your location, contacts, or browsing history.

  • Protect your accounts: Use strong passwords or passphrases and enable multi-factor authentication wherever possible to secure your online accounts.

  • Protect your devices: Keep your devices secure by installing updates promptly and regularly backing them up. This helps protect against security threats and prevents data loss.

  • Be cautious on social media: Think carefully before sharing personal information online. Consider setting your social media accounts to private and limit the exposure of sensitive details.

  • Clean up old data: Securely delete information you no longer need, and close old or unused accounts. Deleting old emails and files reduces the risk of exposing outdated personal data.

  • Act quickly if something goes wrong: If you suspect your privacy has been compromised, act quickly. Change your passwords, monitor your financial accounts, and report any breaches to the relevant authorities.

  • Talk about privacy: Discuss privacy concerns with your family and friends, particularly younger individuals who are just starting to explore the online world. Educating others can help everyone stay safer in digital spaces.

Taking these steps can help you maintain control over your personal information and reduce the risk of privacy breaches in today's connected world.
 Tips for businesses

Here’s a summary of key privacy tips for businesses:

  • Know your obligations: Understand the legal requirements regarding privacy and data protection that apply to your business.

  • Create a privacy plan: Develop a comprehensive privacy management plan that outlines how personal information will be handled, stored, and protected. This plan should help ensure that all processes comply with privacy regulations and best practices.

  • Appoint privacy champions: Designate senior staff or a dedicated privacy officer to oversee privacy practices and create a culture of privacy awareness within the organization. These leaders should be responsible for enforcing privacy policies and ensuring compliance.

  • Assess privacy risks: Conduct regular privacy impact assessments (PIAs) for projects that involve new collections of personal information or processing practices. This helps identify potential privacy risks and implement measures to minimize them before they arise.

  • Collect only necessary information: Limit the collection of personal information to what is strictly necessary for your business purposes. Avoid gathering excessive or irrelevant information, and securely dispose of information that is no longer needed.

  • Secure personal information: Implement robust security measures to protect personal information from misuse, loss, and unauthorized access. This includes encrypting sensitive data, using secure networks, and restricting access to authorized personnel only.

  • Simplify your privacy policy: Write a clear, concise, and easily accessible privacy policy that informs individuals about how their personal information will be used, stored, and protected. Transparency helps build trust with customers and employees.

  • Train your staff: Provide ongoing privacy training for all employees to ensure they understand their role in protecting personal information. Employees should be familiar with data protection laws and internal privacy protocols.

  • Prepare for privacy breaches: Have a clear, actionable plan in place for responding to privacy breaches. This plan should include steps to contain the breach, notify affected individuals, and mitigate potential harm.

  • Review your practices: Regularly evaluate and update your privacy policies and practices to ensure they align with current laws and address emerging risks. Keep an eye on regulatory changes and adapt your procedures accordingly.

By following these tips, organizations can strengthen their privacy management, comply with legal requirements, and build trust with the public.
 Helpful Resources 

The Information and Privacy Commissioner of Ontario helps protect privacy for individuals and organizations across the province, including overseeing privacy practices in municipalities and the provincial government. Their website has helpful resources for both individuals and organizations. Choose the link that fits what you're looking for:

  • Information for individuals
  • Guidance for organizations

The Office of the Privacy Commissioner of Canada also offers useful resources for individuals and businesses. Whether you're looking to protect your personal privacy or teach kids about privacy, their website has something for everyone. Pick the link that suits your needs:

  • Privacy for individuals
  • Privacy for kids
  • Privacy for businesses
Upcoming Privacy Events

Check out the events below to help you stay informed about privacy and keep up with best practices.

 List of privacy events
  • The Power of PETs: Privacy Enhancing Technologies
    Organizer: Information and Privacy Commissioner of Ontario
    Date: January 28, 2025, 9:15am to 12pm
    Location: online
    Link to register

  • Privacy and AI
    Organizer: National Cybersecurity Alliance
    Date: January 28, 2025, 1 to 1:30pm
    Location: online
    Link to register

  • Take Control of Your Data: Privacy Settings in Your Favorite Apps
    Organizer: National Cybersecurity Alliance
    Date: January 29, 2025, 1 to 1:30pm
    Location: online
    Link to register

  • Top of Mind Data Privacy Webinar 
    Organizer: Office of the Information and Privacy Commissioner of Saskatchewan
    Date: January 31, 2025, 12pm
    Location: online
    Link to register

  • Safeguard Your Kid's Data 
    Organizer: National Cybersecurity Alliance
    Date: January 31, 2025, 1 to 1:30pm
    Location: online
    Link to register
Receive email updates

Contact Us

Region of Durham logo

Living HereDiscovering DurhamDoing BusinessHealth and WellnessRegional Government

© 2025 Durham Region, 605 Rossland Road East, Whitby, Ontario L1N 6A3, Canada, Telephone (within regional limits): 311, Telephone: 905-668-7711, Toll-Free: 1-800-372-1102

Terms of UsePrivacyCareersA to Z ServicesContact UsSitemap
By GHD Digital