Taking Privacy into Account Prior to Making Contracting Decisions

The draft of the policy guidance document titled, Taking Privacy into Account Prior to Making Contracting Decisions, was developed in response to privacy risks associated with the potential exposure of Canadians’ personal information to U.S. authorities under the USA PATRIOT Act. 

• The draft Guidance Document was posted to our web site to consult with the Access to Information and Privacy community.

• The consultation period is now complete and the document is being revised to reflect the input we have received.

The guidance is applicable to all federal institutions subject to the Privacy Act. It is the result of significant interdisciplinary collaboration involving an interdepartmental team of legal, privacy, procurement and program officials across the government and advice received from the Office of the Privacy Commissioner. 

The document provides proactive advice to government officials before the commencement of the contracting process where personal information may be involved. It includes: 

• a step-by-step process for identifying, rating and weighing privacy risk factors in order to help make informed decisions on contracting; 

• an identification of other key considerations such as international trade agreements and security; 

• a description of assessment tools such as the privacy invasion test and the privacy protection checklist; 

• specific considerations for drafting clauses in RFPs and Contracts such as establishing control, confidentiality, audits etc.; 

• a few RFP example clauses for high risk situations; 

• and a table for assessing risks to possible application of foreign laws. 

Any questions you may have concerning the guidance document may be addressed to Ms. Andrée Morissette at 952-3222 or Morissette.Andree@tbs-sct.gc.ca or Mr.Terry Murray at 957-2562 or Murray.Terry@tbs-sct.gc.ca.

Donald Lemieux

 A/Executive Director
Information, Privacy and Security Policy Division
Chief Information Officer Branch