Managing Contracts under the foip act


Contracting for Service Delivery



Download 0.57 Mb.
Page6/31
Date02.02.2017
Size0.57 Mb.
#16571
1   2   3   4   5   6   7   8   9   ...   31

2.6
Contracting for Service Delivery

Contracting with non-governmental third parties is a common method of service delivery used by public bodies. All or a portion of an existing service previously delivered by government, or a new government service, may be “outsourced” for delivery by a private-sector or non-profit organization. The public body generally pays the service provider a contracted sum for the delivery of the services; however, in some cases, the public body authorizes the service provider to charge a user fee for providing the service.

Outsourcing has been used for the delivery of various services, including information technology services, safety and technical inspections, highway maintenance, registry services, government licensing functions, and the operation of programs and facilities. The public body remains accountable for the program and the performance of the service provider.


Access and privacy considerations


The outsourcing agreement should state whether the public body maintains control over the records. Where the control is to remain with the public body, the agreement should address access to information, protection of personal information and records management.

Outsourcing agreements often require the service provider to store and process information under the control of the public body off-site. These contracts usually require a significant level of detail, especially with regard to records management and, if personal information is involved, the protection of privacy.

The Government’s draft Policy for Protection of Personal Information in Information Technology Outsource Contracts requires personal information to be processed and stored in Canada, preferably in Alberta.

Any outsourcing agreement that involves the transfer of personal information outside Alberta requires consideration of the interaction between the FOIP Act and other legislation that may be applicable to the contractor, as well as government policy on transborder data processing and storage.



Related sections of this Guide

Chapter

  • Key concepts: Application of the FOIP Act to contractors; custody and control

1.2

  • Processing or storage of personal information outside Alberta

4.2

  • IT outsourcing contracts

4.3

  • Business case

5.2

  • Privacy Impact Assessment (PIA)

5.4

5.6

  • Tendering process

  • Drafting the contract: Protection of privacy

5.7

6.3; esp. cl. Ff







2.7
Privatization

A public body may choose to stop delivering certain services and offer non-government organizations the opportunity to move into the service field. These organizations may be private-sector organizations, non-profit organizations, or a combination of the two. In these instances, the public body may continue to carry on an inspection or auditing role, or undertake licensing and set standards of operations. However, the public body’s control over records transferred to, or created in, a privatized service environment would normally end. The records and personal information would no longer be subject to the FOIP Act. This would include personal information that was originally collected by the public body under conditions that imposed statutory requirements on the public body to protect the privacy of the individuals involved with the service.

It is imperative that a public body obtain legal advice at the concept stage of a proposal for privatization.


Access and privacy considerations


The best way to effect the transfer of records and eliminate control by the public body is through legislation supported by an agreement. It is important to define clearly which records or functions will remain within the control of the public body, and which records or functions will be transferred to the control of the private service operator. The agreement should clearly identify the authority under which the transfer takes place and the records that are no longer in the custody or under control of the public body and therefore no longer subject to the FOIP Act.

The implementation strategy to effect the privatization should include a record retention and disposition schedule for the alienation of records transferred to the contractor. The schedule should be authorized by the Alberta Records Management Committee before the agreement is signed. The Provincial Archives of Alberta should also be consulted during the contract negotiations, since the Archives may wish to establish procedures for preserving any archival records.

If the transferred records include personal information, the public body should satisfy itself that the private service operator has the ability to protect the personal information in compliance with Alberta’s Personal Information Protection Act (PIPA) and, where applicable, the federal Personal Information Protection and Electronic Documents Act (PIPEDA).

Special consideration is required where the service provider is a non-profit organization as defined in PIPA. The personal information in the custody or under the control of these organizations is subject to PIPA only when the information is collected, used or disclosed by the organization in connection with a commercial activity. Wherever possible, the public body should negotiate a clause in the agreement under which the private service operator agrees to establish a privacy policy designed to ensure protection of personal information equivalent to the protection provided under either Part 2 of the FOIP Act or PIPA.



Related sections of this Guide

Chapter

  • Other Alberta legislation: PIPA

    3.2

  • Business case

  • Privacy Impact Assessment (PIA)

    5.2

    5.4


  • Organization of records for alternative service delivery

    5.6


1   2   3   4   5   6   7   8   9   ...   31




The database is protected by copyright ©ininet.org 2024
send message

    Main page