1. No category

Info Sharing MOU Template

Reference
Number
Click here
to enter
text.
Memorandum of Understanding (MOU)
for Information Sharing
This MOU does not replace the requirements on agencies to comply with:
Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act)
Health Records and Information Privacy Act 2002 (NSW) (HRIP Act)
Please refer to the Guidelines for sharing Information between government agencies
Party A
Click here to enter text.
Type of
Organisation
NSW Agency
Party B
Click here to enter text.
Type of
Organisation
NSW Agency
Information
Transferred
Information including datasets to be agreed as per Annexure A (Template attached).
Effective
Start Date
Authorised
Delegate for
Party A
Click here to enter text.
End Date
Ongoing
Title
Click here to enter text.
Signature ______________________________________
In the
Presence of
(Witness)
Click here to enter text.
Signature ______________________________________
Authorised
Delegate for
Party B
Click here to enter text.
Title
Date _____________
Click here to enter text.
Signature ______________________________________
Document1
Date _____________
Click here to enter text.
Signature ______________________________________
In the
Presence of
(Witness)
Date ______________
Date ______________
Page 1 of 13
1.
Parties
1.1
This MOU is made between and binds the following parties:
1.1.1
[Insert agency A name] ([Insert agency A short name])
ABN: [Insert agency ABN]
[insert agency address]
1.1.2
[Insert agency B name] ([Insert agency B short name])
ABN: [Insert agency ABN]
[insert agency address]
2.
Background
2.1.1
[insert background to the parties’ relationship]
2.1.2
[Insert agency A name] and [Insert agency A name] now wish to establish an
ongoing relationship for sharing data and information between them.
2.1.3
By this MOU, the parties wish to:
a)
record the general terms of that relationship, to facilitate the secure and timely
flow of data and information between them; and
b)
establish an efficient mechanism for entering into separate agreements from
time to time (under the general operation of this MOU) in relation to the
sharing of specific sets of data and information.
Operative provisions
In consideration of the mutual promises set out in this MOU, the parties agree to be
bound by the following terms:
3.
Interpretation
3.1
Definitions
Unless the contrary intention appears, a capitalised term has the meaning shown
opposite that term in the table below:
Term
Meaning
Approved Purposes
has the meaning given in item 1 of the Schedule.
Authorised User
has the meaning given in clause 6.
Authorised
Representatives
the persons identified in item 2 of the Schedule.
Commencement
Date
the date the coversheet to this MOU is last signed by a party’s
authorised delegate.
Page 2 of 13
3.2
Term
Meaning
Confidential
Information
has the meaning given in clause 12.
Data Custodian
has the meaning given in clause 7.
Health Information
has the meaning given to that term in HRIPA.
HRIPA
Health Records and Information Privacy Act 2002 (NSW).
Information Sharing
Schedule
a schedule, substantially in the form of Annexure A, by which a
specific set of Shared Information is to be Shared, and
recording the terms and conditions specific to that Shared
Information.
MOU
NSW Data and
Custodianship
Policy
IM Framework
this memorandum of understanding.
Personal
Information
PPIPA
has the meaning given to that term in PPIPA.
Share
to disclose.
Shared Information
the information Shared by an Originating Party with a Recipient
Party in accordance with this MOU, being information specified
in a signed Information Sharing Schedule.
Schedule
the schedule to this MOU.
the NSW Data & Information Custodianship Policy v1.0 dated
June 2013.
the framework set out at
http://finance.nsw.gov.au/ict/information-managementframework and in related documents, or any website or
information that supersedes this information.
Privacy and Personal Information Protection Act 1998 (NSW).
Interpretation
In this MOU:
a)
where a word or phrase is defined, its other grammatical forms have a
corresponding meaning;
b)
a reference to any legislation or to any provision of any legislation includes
any modification, re-writing or re-enactment of it, any legislative provision
substituted for it, and all regulations and statutory instruments issued under
it;
c)
a reference to a clause, annexure or schedule is to a clause of, annexure or
schedule to this MOU;
d)
a reference to this MOU includes any annexure or schedule;
e)
words of inclusion are not words of limitation; and
f)
the singular includes the plural and vice versa.
Page 3 of 13
3.3
Commencement of the MOU
This MOU takes effect on and from the Commencement Date.
4.
Agreement to Share information
4.1.1
By this MOU, the parties express their mutual intention to identify opportunities to
share data and information, in a manner that aligns with their business objectives
and with the Approved Purposes.
4.1.2
To alter the Approved Purposes, the receiving party must consult the originating
party. The originating party must agree to the change before the receiving party
may use the data.
4.1.3
Each party agrees to use reasonable endeavours to enter into an Information
Sharing Schedule for each jointly identified opportunity, under the general terms
and conditions set out in this MOU.
4.1.4
Each party agrees to procure the establishment of internal procedures to ensure
that the authority to approve and sign an Information Sharing Schedule is delegated
to an appropriate officer within the organisation with relevant responsibilities and
accountabilities.
5.
Licence
The Originating Party grants to the Recipient Party a non-exclusive, nontransferable, royalty free licence to use, reproduce and adapt the Shared
Information for the Approved Purposes (on the terms, and subject to the
restrictions, set out in this MOU).
6.
Use of Shared Information
Each party agrees, as a Recipient Party, that:
6.1.1
6.1.2
it will:
a)
use the Shared Information for the Approved Purposes only, in consultation
with the Originating Party;
b)
where necessary (that is, in relation to Shared Information that includes
Personal Information or Health Information), nominate certain authorised
users to have access to the Shared Information (Authorised Users) and
ensure that only Authorised Users have access to the Shared Information;
and
c)
seek the authorisation and approval of the Originating Party before making
public, or disclosing to any third party, the Shared Information or any
document incorporating Shared Information; and
it will not:
a)
permit access, or release any Shared Information, to a third party (except as
set out in clause 12.2 or with the express consent of the Originating Party); or
Page 4 of 13
b)
produce any information based on, or incorporating, the Shared Information
that generates Personal Information or Health Information (that is, it reidentifies a person), unless permitted by law.
6.1.3
For the purposes of this clause 6, another division within the Recipient Party is not
deemed to be a third party. Any specific restrictions on intra-agency transfer should
be noted in the relevant Information Sharing Schedule.
7.
Quality and responsibility for the Shared Information
7.1.1
The Originating Party must ensure that the Shared Information complies with the
requirements specified in the relevant Information Sharing Schedule, and must use
its best efforts to ensure that the Shared Information is fit for purposes for which it
was created with respect to its accuracy, completeness and quality.
7.1.2
The receiving party is responsible for ensuring the fitness of the data for any further
use. The receiving party must take appropriate measures to ensure that the most
‘up to date’ version of the data is used and that the information fit to support the
new process.
7.1.3
The data custodianship of information will be determined as follows:
a)
the Originating Party remains the data custodian of the Shared Information in
the form it was Shared, and it delegates certain management responsibilities
in relation to the Shared copy of that information to the Recipient Party; and
b)
the Recipient Party will be the data custodian of information generated by it,
which incorporates the Shared Information,
the relevant party in the circumstances being the ‘Data Custodian’.
7.1.4
The applicable Data Custodian must, in relation to the Shared Information:
a)
exercise functions relating to access to information under the Government
Information (Public Access) Act 2009 (NSW);
b)
exercise functions relating to State records under the State Records Act 1998
(NSW), if the State records relate to or are made in connection with the
exercise of its other functions; and
c)
comply with the NSW Data and Information Custodianship Policy and other
aspects of the IM Framework, as applicable.
7.1.5
If a Recipient Party receives a request under the Government Information (Public
Access) Act 2009 (NSW) in relation to the Shared Information for which the
Originating Party is the Data Custodian, it must transfer that request to the
Originating Party.
8.
User Support
The Originating Party will provide the Recipient Party with technical assistance to
the extent reasonably required to permit use of the Shared Information in
accordance with the Approved Purposes.
Page 5 of 13
9.
Information and records management arrangements
9.1
Transfer of the Shared Information
9.1.1
The Originating Party must deliver applicable Shared Information to the Recipient
Party in accordance with the agreed specifications and timing set out in the relevant
Information Sharing Schedule and the security requirements set out in clause 10.
9.1.2
The Originating Party must notify the Recipient Party in writing of any delay in the
arrangements for the provision of the Shared Information.
9.2
Information management
9.2.1
The Recipient Party must create appropriate and accurate records of any document
or information incorporating the Shared Information.
9.2.2
The Recipient Party will develop a plan for managing the Shared Information that is
consistent with its approach to compliance with the IM Framework.
9.2.4
If applicable, the Receiving Party will retain the master list of how the source data
unique identifier from the Originating Party links to their source system unique
identifier. This list will only contain source system unique identifiers and will not
contain Personal Information.
9.3
Retention and disposal
The Recipient must only dispose of Shared Information:
a)
according to the agreed transfer, storage and disposal method and timeframe
agreed in the schedule (substantially in the form of Schedule 1) that applies to
the Shared Information;
b)
in accordance with the Recipient’s internal standards or procedures;
c)
in accordance with the State Records Act 1998 (NSW) and related authorities
and guidance, and
d)
inform the originating agency (if required by the originating agency).
10
Security arrangements
10.1
Transfer
The Originating Party must deliver the Shared Information securely to the Recipient
Party by transferring it in accordance with the security measures and to the named
person specified in the relevant Information Sharing Schedule.
10.2
Secure storage
10.2.1
Once received by the Recipient Party, the Recipient Party is responsible for
ensuring the security of the Shared Information until it is disposed of in accordance
with clause 9.3.
10.2.2
The Recipient Party must comply with:
a)
the NSW Government Digital Information Security Policy,
b)
Information Classification and Labelling Guidelines,
Page 6 of 13
c)
Information Classification Handling Guidelines (available late 2014), and
d)
the NSW Government Cloud Services Policy and Guidelines (where
applicable),
in relation to the Shared Information, and must make reasonable arrangements to
ensure that the Shared Information is secure from any unauthorised use or
disclosure (using its information security management system, where appropriate).
Such arrangements should take into account the confidential nature of the Shared
Information and the existence of Personal Information or Health Information, where
applicable.
10.2.2
The Shared Information will have the classification and labelling status set out in
relevant Information Sharing Schedule.
11
Compliance with laws and policy
11.1.1
Each of the parties will comply with laws and policies applicable to it, including
those specifically mentioned in this MOU, and otherwise.
11.1.2
The parties will agree a source of authority for the Sharing of Shared Information
that includes Personal Information or Health Information before such Shared
Information is transferred.
11.1.3
The parties acknowledge that this MOU is not, of itself, a source of authority for
collection, retention, use or disclosure of Personal Information or Health
Information.
12
Confidentiality
12.1
Non-disclosure
12.1.1
Each Recipient Party acknowledges and agrees:
12.1.2
a)
that all Shared Information Shared pursuant to the terms of this MOU is
confidential (except where the Originating Party has agreed otherwise or the
information is already publicly available) (Confidential Information), and is of
value to the Originating Party; and
b)
to keep the Confidential Information confidential at all times.
Each Recipient Party must:
a)
take all reasonable steps and do all things that may be reasonably required by
the Originating Party to keep the Confidential Information confidential,
including all documents, and all other things recording, containing, setting out
or referring to any Shared Information, under effective management of the
Recipient Party and protected from any unauthorised use or access;
b)
immediately notify the Originating Party if it becomes aware of any
unauthorised access to, or use or disclosure of, any Confidential Information;
and
Page 7 of 13
c)
take steps to ensure that the Confidential Information is not given to a person
who is not an Authorised User, including by the measures specified in clause
10.
12.1.3
This MOU does not exclude the operation of any principle of law or equity intended
to protect and preserve the confidentiality of the Confidential Information.
12.2
Disclosure as required by law
12.2.1
The Recipient Party may disclose Confidential Information to the extent that is it is
required to disclose such information in accordance with law.
12.2.2
The Recipient Party undertakes to provide the Originating Party with as much notice
as is reasonably practical to enable the Originating Party to seek a protective order
or other relief from disclosure and to provide all assistance and co-operation which
the Originating Party reasonably considers necessary for that purpose.
13
Privacy
13.1
Privacy
13.1.1
The parties acknowledge and agree that in addition to being Confidential
Information, Shared Information may also comprise Personal Information or Health
Information. In respect of such Personal Information or Health Information, each
Recipient Party agrees:
13.1.2
a)
to comply as if it were an agency bound by the Information Protection
Principles under PPIPA and the Health Privacy Principles under HRIPA;
b)
that it will inform each of its Authorised Users of, and procure that each
undertake in writing, to observe the provisions of this MOU and laws and
policies applicable to it;
c)
to take all reasonable measures to ensure that the Shared Information is
protected against loss and against unauthorised access, use, modification,
disclosure or other misuse and that only Authorised Users have access to it,
including by the measures specified in clause 10;
d)
not to transfer such information outside Australia, or allow parties outside
Australia to have access to it, without the prior written approval of the
Originating Party;
e)
the Originating party will provide amended personal/health information to the
Recipient party if an individual seeks alteration to his/her personal/health
information;
f)
to immediately notify the Originating Party when it becomes aware of a breach
or likely breach of any of the provisions of PPIPA or HRIPA; and
g)
to notify the Originating Party of, and co-operate with, the Originating Party in
the resolution of, any complaint alleging an interference with privacy.
The Recipient Party’s obligations are in addition to, and do not restrict, any
obligations it may have under applicable law, or any codes of practice or directions
listed in the relevant Information Sharing Schedule.
Page 8 of 13
14
Authorised Representatives
14.1.1
Each party must nominate an authorised representative (Authorised
Representative) to be the key contact person responsible for monitoring
compliance with this MOU. Any notice required to be given by one party to the other
should be directed to the Authorised Representative using the details set out in the
Schedule, or as notified from time to time as contemplated by clause 14.1.3.
14.1.2
At the Commencement Date, each party has nominated the applicable person
specified in item 2 of the Schedule as its Authorised Representative.
14.1.3
A party may replace its Authorised Representative (and provide the new
appointee’s details) by notice in writing to the other party.
15
Review
The parties will arrange a meeting between their Authorised Representatives at
least annually to assess the operation of this MOU.
Page 9 of 13
Schedule 1
Item
Topic
Detail
1
Approved
Purposes
[Insert general description of the approved purposes. It is
anticipated that this will often relate to the sources of authority that
enable the information sharing]
2
Authorised
Representatives
[Insert party A name]
Name:
Title:
Phone:
Email:
[Insert party B name]
Name:
Title:
Phone:
Email:
Page 10 of 13
Annexure A
Information Sharing Schedule
[Insert party A name] and [Insert party B name] are parties to a Memorandum of
Understanding dated [insert date] (MOU).
By this schedule the parties wish to agree to share the information described in this schedule
on the terms and conditions contained in this schedule.
The terms of the MOU (and relevant definitions) apply to the sharing of information
contemplated by this schedule.
This schedule is valid until xxx.
Item
Topic
Detail
1
Period of agreement
2
Originating Party
3
Recipient Party
4
Shared Information
5
Quality
6
Validity period of the
data
7
Date the data set
generated from the
originating system
8
Frequency of
provision
9
Format
10
Classification and
Labelling Status
[Eg. Unclassified – Sensitive]
11
Statement of
Approved Purposes
[To be consistent with one or more of the approved purposes
of the MOU]
12
PIA undertaken
[Yes, or No and summary of reasoning]
13
Authorised Users
nominated by
Recipient Party
14
Means of transfer
[Describe the dataset or information to be shared]
[Is it an ongoing arrangement, a one off arrangement, or
some type of automatic feed]
[Consider encryption]
Attention:
15
Specific security and
storage measures
required
Page 11 of 13
Item
Topic
Detail
16
Special conditions on
use and disclosure
[Consider any necessary limitations on intra-agency transfer]
17
Sources of authority
[Eg. Chapter 16A of the Children and Young Persons (Care
and Protection) Act 1998 (the Care Act).
Section 71 of the Housing Act 2001 (Housing Act)]
18
Applicable codes of
practice or directions,
principles or protocols
19
Specific retention or
disposal requirements
Approved by:
Authorised
Delegate for
Party A
Click here to enter text.
Title
Click here to enter text.
Signature ______________________________________
In the
Presence of
(Witness)
Click here to enter text.
Signature ______________________________________
Authorised
Delegate for
Party B
Date ______________
Click here to enter text.
Title
Date _____________
Click here to enter text.
Page 12 of 13
Signature ______________________________________
In the
Presence of
(Witness)
Date _____________
Click here to enter text.
Signature ______________________________________
Date ______________
Page 13 of 13

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz