You are using an outdated browser. We suggest you update your browser for a better experience. Click here for update.
Close this notification.
Skip to main content Skip to search

COVID-19: Get the latest updates or take a self-assessment.

Privacy Impact Assessments

A privacy impact assessment evaluates a program or information system’s privacy risks and compliance with Ontario’s Personal Health Information Protection Act, 2004, Freedom of Information and Protection of Privacy Act and CCO’s Privacy Policy. CCO then implements the recommendations detailed in the assessment. When needed, an assessment also details mitigating strategies and an action plan.


Privacy Impact Assessments review issues including:

  • need for program or system
  • personal health information collection
  • data usage
  • consent and notification management
  • data protection measures
  • compliance with Personal Health Information Protection Act, 2004


Assessments focus on new and existing programs or systems. We assess new programs or systems to ensure privacy is considered throughout their design. The privacy assessment may also help determine whether CCO will proceed with development. We assess existing programs or systems to see whether they meet privacy requirements or need revision.


In addition, privacy impact assessments:

  • assess organization-wide practices that could have an impact on privacy (e.g., an email policy)
  • address protection safeguards during data collection, transfer and storage, which may include separate analysis of technical security measures and threat risk assessment
  • provide assurance that privacy issues are either resolved or undergoing mitigation
  • promote understanding on how CCO handles personal health information and generate public trust that it is handled responsibly
Summaries of Completed Privacy Impact Assessments
Program or Project  Date
Sandy Lake SAR Pilot   Feb 2, 2017
CCO Ontario Breast Screening Program Correspondence Phase 2: Invitation-Reminders, Recalls, Recall-Reminders and Normal Results Jan 20, 2017
Ontario Breast Screening Program Jan 20, 2017
Specialized Services Oversight Information System – Interventional Radiology Jan 20, 2017
The Interactive Symptom Assessment and Collection (ISAAC) Application Privacy Impact Assessment Addendum Sep 3, 2019
Electronic Canadian Triage and Acuity Scale (eCTAS) Dec 13, 2016
New Drug Funding Program (NDFP) e-claims Solution Project June 2012
Integrated Cancer Management System  

To request detailed results of privacy assessments, call the CCO Legal and Privacy Office at 416-217-1816 or email us.