Privacy Protection Schedule
The privacy protection schedule ensures that the high privacy standards set by the Freedom of Information and Protection of Privacy Act (FOIPPA) are maintained for personal information held by service providers.
You must complete and attach a privacy protection schedule for all contracts between government and a service provider that involve personal information owned or controlled by government.
Unless an alternative version has been authorized by the Privacy, Compliance and Training Branch, use the privacy protection schedule template (MS Word). The language in this template is legally binding. Only modify the three fillable fields at the top of the page.
Alternative Privacy Protection Schedules
In some situations, the original wording of the privacy protection schedule template or the privacy protection schedule for cloud services template does not capture the circumstances or context of the contract and an alternative must be created. Any alternative schedule must be approved by the Privacy, Compliance and Training Branch.
You can submit a request to have an alternative privacy protection schedule reviewed to the privacy and access helpline. You must submit both the alternative version of the privacy protection schedule and a detailed explanation of why an alternative is required. Only changes that are equivalent to or better than the requirements of the original privacy protection schedule template will be considered.
If the contract involves cloud services and personal information, the privacy protection schedule for cloud services (MS Word) may be more appropriate. The privacy protection schedule for cloud services (MS Word) provides terms that are more appropriately applicable for cloud applications. Please note that this schedule should be used in conjunction with other technical, administrative or policy-based measures in order to address privacy risks.
For more information, consult Chapter 6 of the Ministry of Finance Core Policy and Procedures Manual.
The privacy protection schedule template (MS Word) can be modified and completed to suit the policy needs of other public sector organizations. A public body may wish to attach this privacy protection schedule to a contract between a public body and a contractor if the contractor will be collecting, creating, using, disclosing or storing personal information.