Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
The case for government agencies identifying opportunities to work together to provide public services is compelling. We expect government to be efficient, to deliver services based on sound reasoning and in ways that bring the most benefit to the people they are trying to help.
Public programmes can be designed in ways that allow sensible service delivery and a collaborative approach, without intruding on individuals’ rights, or exposing the agencies involved to legal risk.
The Privacy Act is, at its core, a flexible and enabling piece of legislation. However, sometimes it has been perceived as getting in the way of agencies working together. Sometimes those perceptions have been true, particularly when personal information gathered for a narrowly defined purpose is to be used in a new way, and by other agencies, as part of a proposed service delivery innovation.
The Approved Information Sharing Agreement (AISA) mechanism, proposed by the Law Commission and brought into law in February 2013, is designed to provide an answer to the “Because of the Privacy Act” objection to innovation in service delivery.
To support public sector understanding of how to design an AISA and make it work, we’ve published a guidance document that explains what an AISA can do and how to make it comply with the Privacy Act’s requirements.
Our AISA guidance includes checkpoints, scenarios and tips to help you.
Consider this hypothetical scenario. There is high youth unemployment in Northland and the government wants to improve outcomes for this group. An AISA could enable a wraparound service to be developed for school leavers. This might involve Work and Income, CYFS, Police, local schools, iwi organisations, the local employers’ association and other youth focused community groups. These parties could regularly meet to discuss individual cases. The AISA would describe the personal information that each party may share with each other.
If an agency can describe which parties are to be involved in delivering a public service, what information they need to do it, and what they are going to do with that information, they can begin to draft an AISA that will remove any questions about whether the Privacy Act will get in the way.
From our perspective as a watchdog, the AISA model means agencies can build in protections that allow the public to have confidence that the proposal is reasonable, proportionate and subject to adequate safeguards.
AISAs can enable efficient and responsive public services in ways that do not sacrifice important rights, and without adding unnecessary risk of privacy breaches. One additional safeguard is that I have the power to review an AISA 12 months after it becomes operational.
An A to Z of Approved Information Sharing Agreements is designed to be a practical user friendly guide. We depend on your feedback. If you have ideas on how to improve it, please get in touch.
Back