Ontario’s AI Audit Is a Warning Shot for Every Organization
On May 12, 2026, Ontario’s Auditor General Shelley Spence released a special report on the use of artificial intelligence across the Ontario Public Service (OPS). The findings were striking, not because the government failed at some exotic, cutting-edge challenge, but because it failed at the basics. And what happened inside Ontario’s ministries is almost certainly happening inside your organization too.
What the Auditor Found
The audit examined OPS AI use between January and November 2025. In that window:
- 12,000 government employees accessed roughly 400 AI websites — text, image, and code generation tools — on government devices.
- 244 of those sites (about 60%) were rated unsafe or unsecured by Microsoft Defender, the government’s own cybersecurity software.
- Staff uploaded sensitive personal information — including health card numbers, driver’s licences, and credit card information — along with confidential government documents such as vendor contracts and invoices.
- The government’s only officially approved AI tool, Microsoft Copilot, accounted for just 6% of total AI usage.
- Only 1,800 of 55,000 public servants — roughly 3% — had completed the government’s Responsible Use of AI training. That training was not mandatory.
On the healthcare side, the Auditor found that AI Scribe systems — software used to generate medical notes for doctors — were procured without adequate security assessments, bias testing, or live demonstrations. The report noted AI “hallucinations”: instances where the software generated incorrect medications, missed mental health details, or recorded treatment suggestions the doctor never made.
The Auditor General’s summary was blunt: “AI is not just a technology issue — it’s a governance issue.”
The “Shadow AI” Problem
What the report describes is a phenomenon now common in organizations of all types: Shadow AI. Employees, seeking efficiency gains and unimpeded by meaningful guardrails, simply go around approved channels and use whatever AI tools are available on the open internet. The employer may have a policy. It may even have an approved tool. But without technical controls, monitoring, and meaningful training, policy on paper is not the same as compliance in practice.
The risk is multi-layered:
Privacy exposure - When an employee uploads a client contract, a personnel file, or customer data into a public AI tool, that information may be retained by the platform and used to train its underlying model. Whether inputs are used for training depends on the product tier and its terms, and even where training is excluded, prompts are typically logged and retained for some period. The organization loses control of that data the moment it leaves its environment — often without knowing it happened.
Regulatory liability - For Ontario organizations, PIPEDA (federal, for commercial activity) and PHIPA (Ontario, for personal health information) impose obligations to implement reasonable security safeguards for personal information. Allowing employees to routinely upload personal data into unvetted third-party platforms is difficult to reconcile with those obligations. The recent finding by the Office of the Privacy Commissioner of Canada (OPC) against OpenAI — that it collected and used personal information without adequate consent — underscores that regulators are paying attention to how AI platforms handle data on the back end, not just the front end.
Contractual risk - Many AI platforms’ terms of service permit them to use uploaded content for model training. Organizations may be in breach of confidentiality obligations to clients or counterparties if employee use of these tools results in the inadvertent disclosure of information subject to those protections.
Healthcare-specific risk - The AI Scribe findings illustrate a distinct danger in regulated sectors: where AI outputs feed directly into clinical or other high-stakes decisions, inadequate validation creates liability exposure that goes well beyond data privacy. An inaccurate medical note is not just a technology failure.
Why This Matters for Your Organization
The OPS is a large, sophisticated employer with a formal AI strategy, a dedicated Ministry responsible for digital governance, and legislation — the Enhancing Digital Security and Trust Act — specifically designed to govern AI use in the public sector. And it still ended up in this position.
Private sector organizations typically have fewer governance resources, less formal oversight, and no equivalent of an Auditor General to flag problems before they become incidents. The gap between stated AI policy and actual employee practice is almost certainly present in most organizations. The question is whether you know the shape of that gap.
Practical Steps
Conduct an AI use inventory: Before you can govern AI use, you need to know what tools your employees are actually using — not what tools you’ve approved. Web proxy and DNS logs, cloud access security broker (CASB) reports, employee surveys, and departmental audits can surface the shadow AI landscape. Measure it the way the Auditor did: which hosts, how many users, what share of traffic goes to the approved tool, and who is sending large uploads to the rest.
Implement technical controls, not just policies: A policy prohibiting the use of unsanctioned AI tools is meaningless without the technical infrastructure to enforce it. Access controls, URL filtering, and data loss prevention (DLP) tools are the operational layer that makes policy real, and the logs those controls generate are also what lets you keep measuring the gap over time. Note that DLP on web uploads only sees what the proxy can inspect; without TLS inspection or a browser-level control, the decision is limited to allow or block by host.
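To make the inventory and control steps concrete, the following is an added example of the kind of first-pass analysis a security team would run over proxy logs; it is not code from the report or from the Ontario Public Service. It parses a constructed, simplified key=value log format (a real proxy such as Squid or Zscaler needs its own parser), classifies hosts against an illustrative allow list and known-AI list that are assumptions rather than any real organization's lists, reports the approved tool's share of AI traffic and the users on unsanctioned tools, flags large POSTs to those tools as likely document uploads, and applies a Luhn-validated payment card pattern of the sort a DLP rule would use on an inspected request body. The 10,000-byte upload threshold is an assumption to tune per environment.

```python
"""Shadow-AI inventory over proxy logs (added example; constructed data)."""
import re
from collections import Counter

# Assumption: illustrative host lists, not the OPS's real allow/block lists.
SANCTIONED_AI = {"copilot.microsoft.com"}
KNOWN_AI = SANCTIONED_AI | {"chat.openai.com", "claude.ai",
                            "gemini.google.com", "huggingface.co"}

# Constructed proxy log lines in a simple key=value format.
SAMPLE_LOG = """\
2025-03-04T10:15:22Z user=alice host=copilot.microsoft.com method=POST bytes_out=512
2025-03-04T10:16:03Z user=bob host=chat.openai.com method=POST bytes_out=40960
2025-03-04T10:17:45Z user=carol host=claude.ai method=GET bytes_out=128
2025-03-04T10:18:10Z user=bob host=intranet.example.gov method=GET bytes_out=64
2025-03-04T10:19:30Z user=dave host=gemini.google.com method=POST bytes_out=204800
2025-03-04T10:20:02Z user=erin host=copilot.microsoft.com method=POST bytes_out=2048
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) "
    r"method=(?P<method>[A-Z]+) bytes_out=(?P<bytes_out>\d+)$"
)


def parse_log(text):
    """Parse key=value proxy lines; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["bytes_out"] = int(rec["bytes_out"])
            records.append(rec)
    return records


def classify(host):
    """'sanctioned', 'shadow' (known AI tool, not approved) or None (not AI)."""
    if host in SANCTIONED_AI:
        return "sanctioned"
    if host in KNOWN_AI:
        return "shadow"
    return None


def inventory(records):
    """Approved tool's share of AI requests, shadow hosts seen, users on them."""
    hits = Counter()
    users = {"sanctioned": set(), "shadow": set()}
    for r in records:
        cls = classify(r["host"])
        if cls is None:
            continue
        hits[(cls, r["host"])] += 1
        users[cls].add(r["user"])
    total = sum(hits.values())
    sanctioned = sum(n for (cls, _), n in hits.items() if cls == "sanctioned")
    return {
        "ai_requests": total,
        "sanctioned_share": sanctioned / total if total else 0.0,
        "shadow_hosts": sorted(h for (cls, h) in hits if cls == "shadow"),
        "shadow_users": sorted(users["shadow"]),
    }


UPLOAD_THRESHOLD = 10_000  # bytes sent per request; assumption, tune per environment


def flag_uploads(records, threshold=UPLOAD_THRESHOLD):
    """Large POSTs to unsanctioned AI hosts: the 'document pasted into a chatbot' signal."""
    return [(r["user"], r["host"], r["bytes_out"]) for r in records
            if classify(r["host"]) == "shadow" and r["method"] == "POST"
            and r["bytes_out"] >= threshold]


def luhn_ok(digits):
    """Luhn checksum, which payment card numbers satisfy; cuts regex false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, spaces/dashes allowed


def find_card_numbers(text):
    """Return Luhn-valid card-like digit runs found in an inspected request body."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(inventory(recs))
    print(flag_uploads(recs))
    # Constructed prompt text, as a DLP rule would see it after TLS inspection.
    print(find_card_numbers("summarise: card 4111 1111 1111 1111, ref 1234567890123"))
```

On the sample data the approved tool carries 40% of AI requests, three users are on unsanctioned tools, and two of them sent uploads large enough to be documents. The card check is deliberately the only content rule shown: a host list plus upload size gives you the inventory without decrypting anything, while content rules only help once a proxy or browser control can actually see the request body.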
Review your AI vendors: If your organization has procured AI tools — whether for productivity, customer service, HR, or any other function — examine the contractual and security terms carefully. What data does the vendor collect? How is it used? Is it retained? Does the vendor’s security posture meet your own obligations under applicable privacy legislation?
Make training mandatory and meaningful: Three percent training completion is not a training program — it’s a document that exists. Responsible AI use training should be mandatory, role-specific, and regularly updated as the technology and regulatory landscape evolves.
Assign accountability: The Auditor found that Ontario’s AI governance lacked measurable objectives, implementation timelines, and accountability mechanisms. Governance without accountable owners is governance in name only. Designate who in your organization owns AI risk.
Assess healthcare and other regulated-sector deployments separately: If AI tools are being used in contexts where outputs inform clinical, legal, financial, or other regulated decisions, the validation and procurement standards need to be materially higher than for general productivity tools.
The Broader Context
Ontario’s audit lands at an interesting moment. The federal government is simultaneously investing heavily in AI adoption — just this week, it announced nearly $16.5 million in new AI funding for Greater Toronto Area businesses — while the regulatory framework struggles to keep pace. Canada’s federal private sector privacy legislation (the long-anticipated successor to PIPEDA) remains unfinished. Ontario’s own Enhancing Digital Security and Trust Act is still rolling out its regulatory regime.
In this environment, organizations cannot wait for comprehensive AI regulation to tell them what responsible practice looks like. The Auditor General’s report is a useful proxy: if a regulator showed up tomorrow and examined your organization’s AI use the way Spence examined the OPS, what would they find?
The time to answer that question honestly is now — before an incident, a breach, or a finding forces the answer.
This post is for general informational purposes only and does not constitute legal advice. If you have questions about AI governance, privacy obligations, or technology risk management in your organization, please contact us.