Ontario · FIPPA & Bill 194

Access and privacy for Ontario public bodies, in one platform

AccessPoint manages FIPPA freedom-of-information requests and the privacy impact assessments now mandatory under Bill 194 — pre-configured for Ontario and running inside your own Microsoft 365 tenant.

Ontario at a glance

Response deadline
45 business days (Bill 97, in force July 1, 2026)
Extensions
Section 27, plus a one-time second extension under Bill 97
Application fee
$5, plus search and preparation fees per the FIPPA schedule
Privacy impact assessments
Mandatory before collecting personal information (Bill 194, since July 1, 2025)
Oversight
Information and Privacy Commissioner of Ontario (order-making, appeals)
Languages
English, with French-language services

Built for Ontario

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

FIPPA request lifecycle

Intake to disclosure on Ontario's statutory clock — the 45-business-day timeline under Bill 97 — with extensions, the FIPPA exemption and exclusion catalogue, fee estimates, and IPC-ready records, all built on Microsoft 365.

Bill 194 privacy impact assessments

Run the privacy impact assessment now required before your institution collects personal information — a guided questionnaire with screeners, an embedded risk register, and a defensible, exportable record.

Responsible-AI assessments

Assess automated decision-making systems as Ontario introduces public-sector AI accountability, using the same engine that runs your PIAs — scored, reviewed, and audit-trailed.

Breach notification to the IPC

Log a privacy breach, assess real risk of significant harm, and get a live checklist of what must be reported to the Commissioner and to affected individuals, and by when.

IPC appeals and complaints

Track appeals to the Information and Privacy Commissioner with their own statutory clocks, an investigation workspace, and a guided path from representations to closure.

In your own Ontario tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

The Bill 194 mandate

Bill 194 turned privacy assessments into a legal requirement. AccessPoint runs them.

Since July 1, 2025, FIPPA institutions must complete a written privacy impact assessment before collecting personal information, report privacy breaches to the Information and Privacy Commissioner, and meet Ontario's first accountability rules for public-sector use of artificial intelligence. Most offices already handle FIPPA requests — but not this. AccessPoint operates all three on one platform, in your own tenant, so your privacy program and your access program live in the same system.

Mandatory PIAs A running assessment engine — not a template you fill in once and file away.
Breach reporting Statutory notification to the IPC and affected individuals, computed for you.
AI accountability Assess automated decision systems before they affect Ontarians.

Configured out of the box

Installing the ca-on-fippa configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: Ontario FOI in Transition
  • FIPPA (and MFIPPA) as the legal-authority and citation spine
  • Ontario statutory-holiday calendar and business-day due-date rules
  • The FIPPA exemption and exclusion catalogue, colour-coded for redaction
  • Section 27 extension reasons with citations and limits
  • Requestor fee categories and the FIPPA fee schedule
  • IPC appeal and complaint grounds and dispositions
  • Ontario timeliness brackets and the statutory statistical-report template
  • FIPPA correspondence templates with statutory wording

Ontario Questions

Does AccessPoint support Ontario's Bill 194 PIA requirement?

Yes. Bill 194 requires FIPPA institutions to complete a written privacy impact assessment before collecting personal information, effective July 1, 2025. AccessPoint's assessment engine runs PIAs end to end — screening, questionnaire, an embedded risk register, review, and an exportable regulator-ready summary — with a full audit trail.

Is MFIPPA (municipal) supported as well?

Yes. Ontario municipalities and local boards are covered by MFIPPA, which AccessPoint ships as a separate Ontario configuration because the section numbers diverge from FIPPA. The same platform serves provincial and municipal institutions.

Does it handle appeals to the IPC?

Yes. AccessPoint's complaints and appeals module tracks appeals to the Information and Privacy Commissioner of Ontario with their own statutory clocks, an investigation workspace, a representations sign-off, and a guided closure that records the disposition and any order.

Where does Ontario data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, documents, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run FIPPA and Bill 194 in One Platform

Try AccessPoint free for 30 days, pre-configured for Ontario. No credit card required.

Start Free Trial