Office of the Information and Privacy Commissioner
August 8, 2017

Office of the Information and Privacy Commissioner - Audit of Information Sharing Agreements Released

The Information and Privacy Commissioner, Donovan Molloy, Q.C. has released an Audit Report on Information Sharing Agreements: Essential Administrative Safeguards under authority of the Access to Information and Protection of Privacy Act, 2015.

The purpose of this Report is to document best practices in Information Sharing Agreements (ISAs), taking into consideration a public body’s obligations under the ATIPPA, 2015. Service NL’s Motor Registration Division (MRD) database was the focus of the audit, as Service NL is party to numerous ISAs that provide external entities access, directly or indirectly, to the information contained in the MRD database. The Report outlines legislative requirements, presents findings from the audit and discusses key observations and recommendations.

“Protecting the privacy of personal information requires more than the OIPC making recommendations in response to breaches that have already occurred,” says Commissioner Molloy. “Proactive approaches are intended to reduce the likelihood of future breaches. When a public body embraces the process like Service NL did in this instance, it is a positive exercise that facilitates the improvement of safeguards meant to prevent unauthorized disclosures of personal information.”

The OIPC encourages every public body to review the standards discussed in this Report, to conduct internal reviews to determine their own level of compliance and to contact the OIPC if our assistance is needed.

To view the Report in its entirety, go to the Audit and Compliance Program page, at: //

- 30 -

Media Contact
Sean Murray
Director of Special Projects
(709) 729-6476


2017 08 08                                                    10:45 a.m.