Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

About OPC

Print | Email this page

Background to AISAs

Public programmes can be designed in ways that allow sensible service delivery and a collaborative approach, without intruding on individuals’ rights, or exposing the agencies involved to legal risk.

The Privacy Act, at its core, is a flexible and enabling piece of legislation. However, sometimes it has been perceived as getting in the way of agencies working together. Sometimes those perceptions have been true, particularly when personal information gathered for a narrowly defined purpose is to be used in a new way, and by other agencies, as part of a proposed service delivery innovation.

The Approved Information Sharing Agreement (AISA) mechanism, proposed by the Law Commission and brought into law in February 2013, is designed to provide an answer to the “Because of the Privacy Act” objection to innovation in service delivery.

To support public sector understanding of how to design an AISA and make it work, we’ve published a guidance document that explains what an AISA can do and how to make it comply with the Privacy Act’s requirements. Read our guidance (opens to PDF, 885KB).

Example of an AISA in practice

There is high youth unemployment in Northland and the government wants to improve outcomes for this group. An AISA could enable a wraparound service to be developed for school leavers.

This might involve the Ministry of Social Development (MSD), Oranga Tamariki, Police, local schools, iwi organisations, the local employers’ association and other youth focused community groups. These parties could regularly meet to discuss individual cases. The AISA would describe the personal information that each party may share with each other.

If an agency can describe which parties are to be involved in delivering a public service, what information they need to do it, and what they are going to do with that information, they can begin to draft an AISA that will remove any questions about whether the Privacy Act will get in the way.

From our perspective as a regulator, the AISA model means agencies can build in protections that allow the public to have confidence that the proposal is reasonable, proportionate and subject to adequate safeguards.

AISAs can enable efficient and responsive public services in ways that do not sacrifice important rights, and without adding unnecessary risk of privacy breaches. One additional safeguard is that the Privacy Commissioner has  the power to review an AISA 12 months after it becomes operational.

 Three teenagers hang out outside. Two are girls wearing white t-shirts who have long brown hair. The other is a boy lying down wearing a black top and faded jeans.

 

Back to top