A guide for Ontario public bodies

Ontario FOI in transition.

Ontario's FOI regime is being rewritten in stages. Bill 194 brought new privacy obligations to FIPPA institutions in July 2025. Bill 97 — passed third reading on April 23, 2026 — extends those obligations to MFIPPA and resets the timelines for both Acts. Here's what your team needs to know now.

01

What's in force vs. what's coming

Operational changes under Bill 194 (July 2025) and Bill 97 (2026–2027).

In force now Bill 194 (FIPPA)
30 calendar days to respondFIPPA & MFIPPA — until Bill 97 in force
Mandatory PIAs before collecting personal infoFIPPA institutions only
Breach reporting on RROSH thresholdFIPPA: notify IPC + affected individuals
IPC binding orders & review powers under FIPPA
Coming Bill 97 (FIPPA + MFIPPA)
45 business days to respondPlus a second extension in defined cases
MFIPPA harmonized with FIPPAPIAs, breach reporting, safeguards — Jan 1, 2027
Annual reporting to IPC for both FIPPA & MFIPPA
EDSTA & ministerial-office records excluded from FIPPA
02

Six priorities for FOI Coordinators

Where to focus across the FIPPA/MFIPPA transition.

  • 01

    Know your coverage

    FIPPA or MFIPPA? Bill 194 obligations apply differently to each — for now.

  • 02

    Stand up your PIA program

    Required for FIPPA today. Required for MFIPPA from January 1, 2027.

  • 03

    Build breach response

    Define an RROSH workflow with notification, tracking, and annual reporting.

  • 04

    Manage records well

    Findable, organized, retained — the foundation of the right of access.

  • 05

    Modernize intake & tracking

    Prepare to handle 45-business-day clocks and second-extension scenarios.

  • 06

    Document defensible decisions

    Apply exemptions consistently; capture rationale to support IPC review.

03 · Built for Ontario FOI

Purpose-built for FIPPA and MFIPPA institutions in transition.

Receive, route, track, redact, and respond — inside Microsoft 365, with dual-clock deadline tracking through the Bill 97 cutover and audit-ready reporting in your own tenant.

Centralized intake

One auditable queue across every channel.

Workflow automation

Standardize routing, redaction, and approvals.

Dual-clock deadlines

30 calendar & 45 business day tracking.

Records linkage

Linked records, versioned decisions.

Security & compliance

Role-based access; your data, your tenant.

Reporting & insight

Statutory submissions, audit-ready.

04

Readiness checklist

Operational steps for the FIPPA/MFIPPA transition.

  • Confirm coverage — which Act applies, and which Bill 97 in-force dates affect you.
  • Stand up a PIA workflow with a designated privacy lead, intake form, and review cadence.
  • Develop RROSH-based breach response — assessment, IPC notification, individual notification, and tracking.
  • Prepare for the timeline shift from 30 calendar to 45 business days, and the new second-extension regime.
  • Stand up annual breach reporting with the data shape the IPC expects.
  • Train staff and FOI Coordinators on Bill 194 (live) and Bill 97 (incoming) obligations.
  • Pilot the end-to-end process with practice requests across the cutover.

Why teams choose AccessPoint

Built for the public sector

Designed around Canadian access & privacy law and government realities.

Familiar by design

Lives inside Microsoft 365 and Teams.

Scalable & configurable

Adapts to your size, structure, and workflows. Your data, your tenant.

See AccessPoint in action. A 15-minute walkthrough usually surfaces the biggest opportunities for your FOI team.

Request demo Start free trial
© 2026 Realizer Services Inc. About Privacy Terms