For applicable projects, Acorn completes the following:

• A data-sharing agreement between partners: This document defines the data being shared, the data owner, data user and the data administrator as well as period of agreement, manner of collection, notice requirement and consent, method and security of data transfer, data access, data usage, terms for termination of agreement and method of data disposal.​

• Privacy policy: Acorn has a privacy policy that is applied to all data projects. The privacy policy was developed to comply with Canada’s Personal Information Protection and Electronics Act (PIPEDA) and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA). MFIPPA applies to municipalities, police services, school boards and social service administration boards and other agencies associated with municipalities and municipal funding.​

• Privacy Impact Assessment: This document defines a project, details the data utilized, the role of data in the project, and outlines access security risk mitigations and data retention.​

• Statement of Sensitivity: This document is based on the standards developed by the National Institute of Standards and Technology, U.S. Department of Commerce. This Statement of Sensitivity is intended to help determine the confidentiality, integrity and availability requirements of data or software solution. This analysis pertains to the information that is processed, transmitted, managed and/or stored.

Data and information systems security is based on three main factors:

• Confidentiality: A loss of confidentiality is the unauthorized disclosure of information.

​

• Integrity: A loss of integrity is the unauthorized modification or destruction of information

​

• Availability: A loss of availability is the disruption of access to or use of information or an information system

These factors can be classified by potential impact as per the table below: