Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.

As privacy professionals across Canada navigate an increasingly complex digital landscape, the 2024–25 annual reports from the some of the country's privacy oversight bodies — the Office of the Privacy Commissioner of Canada, the Information and Privacy Commissioner of Ontario, and the Office of the Information and Privacy Commissioner for British Columbia — offer a few insights into emerging trends, regulatory priorities and public sentiment.

The problem is that most people see these reports as simply a bureaucratic necessity and don't take the time to fully digest them. I actually do pay attention and wish our politicians and policy developers did as well.

This is just a tiny glimpse into some of the more pertinent points and issues raised in these reports. To be clear, there's much more to be learned from the reports themselves, but at least you'll get a flavor of what jumps out for me.

ADVERTISEMENT

Syrenis- How Arizona Blue Cross Blue Shield transformed consent management

Federal focus: OPC prioritizes AI, children's privacy and modernization

The OPC's report, "Prioritizing privacy in a data-driven world," released 5 June, underscores the federal office's commitment to addressing the privacy implications of emerging technologies. Key highlights include:

  • A major internal transformation plan launched in January to modernize operations and improve responsiveness. As someone who represents organizations interacting with the OPC, I am experiencing this aspect of its reorganization first-hand and think it will lead to some efficiencies and practical results.
  • Strategic focus on children's privacy, generative artificial intelligence and data governance. This seems like a no brainer, but organizations should take note that these are areas where the OPC is going to pay close attention.
  • Public opinion surveys show that 83% of Canadians are concerned about AI and privacy and 88% are uneasy about their data being used to train AI systems. These issues are clearly a concern to Canadians, but we see so little tangible action from political representatives so far, so it's a little curious. In Ottawa there is also a sense things are brewing in this area and that it's just a matter of time before we see how things — like how to approach AI in terms of encouraging innovation and regulating — will take shape.

Ontario IPC: Transparency and breach reporting take center stage

The Ontario IPC's 2024 Annual Report, also released in June 2025, emphasizes transparency and access to information. It's a remarkable and well-presented wrap-up, in many ways, of a successful first mandate by Commissioner Patricia Kosseim, who begins her second term.

Notable developments include:

  • Recognition of organizations doing better with their access to information and privacy management programs, including significantly reducing access to information backlogs. It's important for regulators to point out the positives and when the organizations they oversee are doing well. I think it's great to give examples of what to strive toward as opposed to always pointing out where organizations have failed. I noticed a similar, welcome approach in the OPC's report, by the way.
  • Introduction of mandatory breach reporting under Bill 194, effective 1 July, for institutions governed by the Freedom of Information and Protection of Privacy Act. And, if your organization is subject to the Municipal Freedom of Information and Protection of Privacy Act, just know the regulator expects you to behave as though you're subject to the same obligations.

British Columbia OIPC: Oversight, investigations and municipal accountability

Released 25 June 25, the British Columbia OIPC's 2024–25 Annual Report and Service Plan highlights the office's investigative work and strategic goals, including:

  • Investigations into various public bodies' disclosure practices — including what was done well and what needs to be done better.
  • A continued focus on strengthening oversight, enhancing public trust and promoting responsible data use.

These reports collectively signal a growing emphasis on technological accountability, public transparency and regulatory modernization. For privacy professionals, staying informed on what regulators are saying in their annual reports — documents they take really seriously — is essential for compliance, risk management and strategic planning. It's not just bureaucratic necessity.

You can read tea leaves, or you can read these. It's up to you. Hopefully these little snippets have whet your appetite and you explore them further.

Kris Klein, CIPP/C, CIPM, FIP, is the managing director, Canada, for the IAPP.

This article originally appeared in the Canada Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.