Sharing Personal Information
Sharing information is an important function of an effective public service.
The Freedom of Information and Protection of Privacy Act (FOIPPA) enables public bodies to share personal information in specific circumstances. FOIPPA reflects the public benefit that arises from information sharing. FOIPPA provides authorities that enable the collection, use and disclosure of personal information.
When the information sharing is authorized under FOIPPA, protecting personal information is not at odds with sharing personal information.
Information Sharing Agreements
Public bodies enter Information Sharing Agreements (ISAs) when there is a regular and systematic exchange of personal information between public sector organizations or between a public sector organization and an external agency. ISAs document the terms and conditions of the exchange of personal information in compliance with the provisions of the Act and any other applicable legislation.
ISAs help to ensure privacy protection where personal information is exchanged. In some cases, an ISA is required and in other cases the ISA is at the ministry’s discretion.
An ISA is an important tool for:
- Documenting information sharing conditions;
- Demonstrating compliance with FOIPPA and other legislation;
- Outlining each party’s responsibilities respecting the protection of personal information;
- Building a trusted information sharing relationship and;
- Harmonizing expectations for public bodies subject to different policies or legislation
The Information Sharing Directions (ISA Directions) are specific to ministries and encourage responsible and lawful information sharing. They provide direction on preparing ISAs, including when an ISA is required and when it can be prepared at the ministry’s discretion.
The Information Sharing Agreements Guidance (ISA Guidance) (PDF) provides support to ministry employees who work with ISAs in interpreting, understanding and putting the ISA Directions into practice. The ISA Guidance assists ministry employees in interpreting and understanding how to use the ISA Directions by translating the ISA Directions into plain language.
The ISA Guidance also addresses questions ministries may have about preparing ISAs.
Information Sharing Agreement Templates
The information sharing agreement template (MS Word) provides an example of a document that can be used when drafting ISAs.
Use the information sharing agreement supplement if you are completing a privacy impact assessment and your initiative involves an ISA.
Information Sharing Code of Practice
The Information Sharing Code of Practice (code) (PDF) recommends best practices for the collection, use and disclosure of personal information and applies to all public bodies subject to the Freedom of Information and Protection of Privacy Act (FOIPPA).
The code supports responsible and lawful personal information sharing, the protection of personal information and is designed to help public bodies put into practice foundational privacy principles. It has been developed in consultation with the Office of the Information and Privacy Commissioner.
The code describes:
- How public bodies should approach the collection, use and disclosure of personal information;
- That public bodies are encouraged to engage in responsible information sharing; and,
- That privacy should not be a barrier to sharing information where compelling circumstances related to health and safety are concerned.
Information Sharing Worksheet
The code contains an Information Sharing Worksheet (PDF) that can assist public sector employees in assessing the proposed information sharing activity and determining whether it is responsible and compliant with FOIPPA.
Public sector employees can use the worksheet to consider how the principles in the code inform the collection, use and/or disclosure of personal information.
De-identification is a process of transforming or removing personal information from a record to protect an individual’s privacy. The De-Identification Guidance (PDF) supports ministries to ensure that anonymization and partial de-identification are approached using a consistent framework with consideration to the protection of privacy.