Toronto police Chief Myron Demkiw speaks during a press conference to announce the results of the Project South police corruption probe, Feb. 5, 2026.Jon Blacker/The Canadian Press
Toronto Police should increase data training and limit some credentials for officers accessing confidential law-enforcement databases, the city’s auditor-general has recommended.
The recommendation is the result of a review of the force’s database and cybersecurity policies, and comes after allegations of corruption in the Project South probe.
The report by Auditor-General Tara Anderson, which is set to be tabled at a Thursday meeting of the Toronto Police civilian-oversight board, calls for all Toronto police officers, civilians and contractors to complete a yearly attestation that they will handle data properly.
The report also urges that the force remove access to specialized databases from officers whose jobs have changed and who no longer require access to these tools.
Database breaches are at the core of the allegations laid out in Project South, announced by York Regional Police in February as one of the largest police corruption busts in Canadian history.
Thirty federal cases affected after Toronto police officers charged in Project South probe
Seven serving Toronto police officers and a retired officer, as well as 19 civilians, have been charged on an array of allegations, including a plot to murder a corrections officer, bribes and drug trafficking. Investigators have said members of organized crime groups were buying data and addresses from police officers, and that this information was then used to coordinate shootings and other crimes.
Ms. Anderson’s audit was launched months before the Project South probe was announced, according to Toronto Police Service Board chair Shelley Carroll, who said she supports the recommendations to increase police accountability and transparency.
“We have to monitor and do random checks and make sure that if you are accessing data, you have a real purpose in doing so, that speaks to the police business you’re doing right now, at this very minute,” Ms. Carroll said in an interview.
“It’s a really a matter – and the auditor-general highlights this – of taking some of the digital systems that we’ve implemented to make officers better at their jobs, and now using them to give us a layer of accountability too.”
Toronto Police division at core of Project South probe has history of data breaches
Following the Project South allegations, the board asked Ms. Anderson to include anti-corruption advice in her office’s police-data audit. “We urged her to take this last-minute screen of the work she had done to see if there was anything else, in light of Project South, that she wanted to add in terms of recommendations,” Ms. Carroll said.
The auditor-general’s report urges the board to request that Police Chief Myron Demkiw take concrete steps to “strengthen data governance and privacy.”
The Toronto Police declined to comment on the auditor-general’s report ahead of Thursday’s board meeting.
However, Chief Demkiw and his team have already responded in writing in a board-filed report that says they agree with the auditor-general’s recommendations – though the proposed new guardrails may require significant investments.
“Implementation is dependent upon obtaining appropriate budget and resource allocations,” the response says. Another part says that “additional funding and resources will be required to support staffing to proactively review and perform remediation activities.”
Toronto Police Service management says that several of the auditor-general’s recommendations could be absorbed by the anti-corruption plans Chief Demkiw had announced earlier this year.
However, some observers say that there are inherent limitations to police promises to better protect people’s data.
Ontario’s Information and Privacy Commissioner Patricia Kosseim welcomed the auditor-general’s report, but also said that outside watchdog agencies such as her own should play a stronger role in scrutinizing police data misuse.
“Public trust also depends on independent oversight, transparency, consistent standards, and assurances that any unauthorized handling of personal information is dealt with to prevent broader systemic issues,” she said in an e-mail.
Ms. Kosseim said that her office “has long called for stronger enforcement powers and privacy safeguards in Ontario’s public sector, including mandatory breach reporting and privacy impact assessments before police or other public institutions collect personal information.”
The province’s Inspector-General of Policing has hired a retired appellate court judge to launch a sweeping Ontario-wide review of police services that is estimated take 18 months.
The terms of that review say the aim will be to better monitor police database systems, and “prevent misuse and detect early warning signs of corruption or potentially corrupt activity.”