Privacy Protection Schedule

Last updated on September 29, 2023

The privacy protection schedule ensures that the high privacy standards set by the Freedom of Information and Protection of Privacy Act (FOIPPA) are maintained for personal information held by service providers.

Government ministries and other public sector organizations can attach a privacy protection schedule to any contracts that involve personal information.

Ministries

You must complete and attach a privacy protection schedule for all contracts between government and a service provider that involve personal information owned or controlled by government.

Unless an alternative version has been authorized by the Corporate Privacy Office, use the privacy protection schedule template (MS Word). The language in this template is legally binding. Only modify the three fillable fields at the top of the page.

Alternative Privacy Protection Schedules

In some situations, the original wording of the privacy protection schedule template or the privacy protection schedule for cloud services template does not capture the circumstances or context of the contract and an alternative must be created. Any alternative schedule must be approved by the Corporate Privacy Office.

You can submit a request to have an alternative privacy protection schedule reviewed to the privacy and access helpline. You must submit both the alternative version of the privacy protection schedule and a detailed explanation of why an alternative is required. Only changes that are equivalent to or better than the requirements of the original privacy protection schedule template will be considered.

Cloud

If the contract involves cloud services and personal information, the privacy protection schedule for cloud services (MS Word) may be more appropriate. The privacy protection schedule for cloud services (MS Word) provides terms that are more appropriately applicable for cloud applications. Please note that this schedule should be used in conjunction with other technical, administrative or policy-based measures in order to address privacy risks.

For more information, consult Chapter 6 of the Ministry of Finance Core Policy and Procedures Manual.

Other Public Sector Organizations

The privacy protection schedule template (MS Word) can be modified and completed to suit the policy needs of other public sector organizations. A public body may wish to attach this privacy protection schedule to a contract between a public body and a contractor if the contractor will be collecting, creating, using, disclosing or storing personal information. 

Encryption of Information & Laptops

According to the encryption of personal information memorandum (PDF), all employees and service providers to government must encrypt personal information on portable storage devices, including laptops.

Training for Contractors

All government contractors and service providers who collect or create personal information must complete training in privacy and information sharing.

Contact information