Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 128 Before disclosing personal information to an information management service provider, a local authority must have a written agreement in place that includes the requirements outlined at subsection 23.2(2) of LA FOIP. An information sharing agreement is a written record of understanding between parties that outlines the terms and conditions under which personal information is shared between the parties. An adequate information sharing agreement should be in place between the parties to protect the personal information involved and to ensure compliance.352 Subsection 23.2(2) of LA FOIP sets out specific requirements that must be in an information sharing agreement between a local authority and an information management service provider. The agreement must address: • The access to, use, disclosure, storage, archiving, modification and destruction of personal information (s. 23.2(2)(a)) • The protection of personal information (s. 23.2(2)(b)) • The requirements of LA FOIP and The Local Authority Freedom of Information and Protection of Privacy Regulations (LA FOIP Regulations). Specifically, section 8.2 of the LA FOIP Regulations which provides: 352 Government of Canada, Treasury Board of Canada Secretariat resource, Guidance on Preparing Information Sharing Agreements Involving Personal Information. Available at https://www.canada.ca/en/treasury-board-secretariat/services/access-informationprivacy/privacy/guidance-preparing-information-sharing-agreements-involving-personalinformation.html. Updated July 2010. Accessed June 23, 2020. Agreement between local authority and information management service provider 8.2 For the purposes of clause 23.2(2)(c) of the Act, a written agreement that is entered into between a local authority and an information management service provider must include: (a) a description of the specific service the information management service provider will deliver; (b) provisions setting out the obligations of the information management service provider respecting the security and safeguarding of personal information; and (c) provisions for the destruction of the personal information, if applicable.
RkJQdWJsaXNoZXIy MTgwMjYzOA==