In a blog post, Information and Privacy Commissioner of Ontario Patricia Kosseim outlines takeaways from an investigation into the sale of deidentified data by a health information custodian to a third party. Kosseim notes the process of deidentification is considered to be a use under the Personal Health Information Protection Act and health information custodians should be transparent about their information practices. “In today’s digital world where health data is an increasingly valuable commodity, the stakes have never been higher,” she said.
Ontario IPC talks legal, ethical issues involving deidentified data
Related stories
Notes from the IAPP Canada: Consultation period on CBPR implementation ends 30 June
CPPA Board tees up new consultation on draft ADMT, cybersecurity audit, risk assessment regulations
Ireland's DPC finalizes TikTok decision with potential data transfer ban
A view from DC: Colorado considers re-forging AI guardrails
Biometric promises, regulatory gaps: Why Canada needs a new approach to facial recognition technology
