Guidance Document: Taking Privacy into Account Before Making Contracting Decisions
2. About the Guidance Document
The guidance document was developed by the Treasury Board Secretariat (the Secretariat) after consultation with federal government privacy and contracting experts. It is strongly recommended that institutions follow the advice offered in this document in order to mitigate privacy risks.
Each institution is responsible and accountable for any personal information under its care. Personal information is defined in section 3 of the Privacy Act as "information about an identifiable individual that is recorded in any form".
The document provides federal government officials involved in contract management with an overview of the possible strategies available to protect personal information and addresses privacy issues in contracting out that may be associated with the USA PATRIOT Act or other similar foreign legislation.
Benefits of using the document
The guidance document will help you in two ways:
- Firstly, it provides upfront assistance to government officials before the commencement of a contracting process in which personal information may be handled under a proposed contract. This first phase, covered in steps 1 and 2 (under "Steps to Follow"), will guide you in making an informed decision on whether an outsourcing contract is appropriate or not or, in cases where a contract is already in place, whether the contract should be renewed.
- Secondly, once a decision has been made to proceed with a contract, steps 3 to 5 will provide guidance on clauses and wording that can be considered for requests for proposals (RFP), statements of work (SOW), and contracts, all of which are designed to mitigate privacy risks.
Who should use the document?
The guidance document contains general policy advice for all federal government institutions that are subject to the Privacy Act. This includes approximately 250 federal departments, agencies, and Crown corporations.
The document is therefore useful for all federal government employees involved in program and service development and delivery that includes the collection, use, disclosure, retention, and disposal of personal information.
- Date modified: