Data Sharing in Social Services: A Canadian Problem

A child in the welfare system moves provinces with their family. Their file stays behind. A person experiencing homelessness travels from Calgary to Vancouver and walks into a shelter where they are, for all practical purposes, unknown, required to retell their story from the beginning.

These are not edge cases. They are the predictable, recurring consequences of a social services data environment built on the assumption that people stay within the jurisdictional boundaries where their data was first collected. Federal government analysis of 306 emergency shelters found that nearly one in ten shelter users accessed services in more than one city. That assumption fails constantly.

The conventional explanation for why cross-jurisdictional data sharing remains so difficult in Canadian social services points to technology. Systems don't talk to each other. Formats aren't compatible. Standards haven't been agreed upon. These are real barriers. But the deeper problem is not technical. It is a problem of trust: between governments, between service providers, between institutions and the people whose data flows through them. As we've written before, modernizing data infrastructure is foundational to effective social policy, but infrastructure alone doesn't solve a governance problem.

Why Social Services Data Doesn't Cross Provincial Lines

Canada's constitutional architecture places social and welfare services primarily under provincial jurisdiction. The federal government participates through cost-sharing agreements and national programs like Reaching Home (the $5 billion, nine-year homelessness strategy). Some provinces delegate administration to municipalities. The result is a three-layer governance environment where each level collects data under different rules, in different systems, for different purposes.

Consider homelessness data. The federal government developed the Homeless Individuals and Families Information System (HIFIS) and requires it for communities receiving Reaching Home funding. But implementation varies by city. Ottawa mandates HIFIS for municipally funded shelters with a centralized database. Toronto uses its own Shelter Management Information System. Montreal has no centrally coordinated database for homeless shelters. Each community's HIFIS installation operates in isolation: data collected in one community cannot be accessed by or shared with another.

This fragmentation extends to settlement services. Immigration, Refugees and Citizenship Canada (IRCC) funds over 550 service providers, but tracks them through a single system (iCARE) that captures only IRCC-funded activities. Provincial, territorial, and municipal settlement services are invisible to that system. Quebec administers immigration selection and settlement under a separate accord entirely. A federal assessment acknowledged that evaluations using only IRCC data are measuring incremental impacts on top of services funded by other sources, meaning the full picture of newcomer integration is structurally unavailable.

At the institutional level, the scale of the problem is staggering. Employment and Social Development Canada alone manages approximately 1,000 Information Sharing Agreements with various stakeholders, according to a 2025 departmental audit. That same audit found that ISA templates had not been updated since 2016, that roles and responsibilities were not clearly defined, and that no monitoring function existed to confirm compliance with the terms of those agreements.

A Patchwork of Privacy Laws with No Common Thread

Layered on top of this governance complexity is a privacy framework that a CIRANO analysis describes as a direct threat to public sector efficiency and the adoption of emerging technologies. At least 13 overlapping privacy statutes operate at the federal and provincial levels, with additional sector-specific health information acts and child welfare legislation creating further constraints.

The federal Privacy Act has not been significantly updated since 1983. PIPEDA, the federal private-sector privacy law, generally does not apply to municipalities, universities, schools, and hospitals for their core activities, placing most social services organizations outside its scope. Bill C-27, which would have modernized the federal framework, died on the Order Paper in January 2025 when Parliament prorogued.

Meanwhile, Quebec's Law 25 (fully in force since September 2024) now requires organizations to complete Transfer Risk Assessments before any personal data leaves Quebec, including to other Canadian provinces. Organizations must demonstrate "equivalent protection" through written agreements before sharing data with partners in Ontario, Alberta, or anywhere else in Canada. This single provision creates what amounts to an internal data border within Canada's own federation. This matters especially for organizations dealing with data sovereignty obligations, where jurisdictional questions are already front of mind.

The practical effect is that consent requirements alone become unworkable across jurisdictions. PIPEDA allows implied consent for less-sensitive data. Quebec requires consent that is "manifest, free, informed, specific, and given for specific purposes." Ontario's health privacy legislation requires express consent for disclosure outside the circle of care. Alberta uses a "reasonable" consent standard. A single client file shared between a Montreal shelter, an Ottawa settlement agency, and a federally funded housing program can trigger three different consent regimes simultaneously.

Rather than enabling responsible information sharing, this fragmented environment produces what the former Privacy Commissioner of Canada described as "a culture of non-sharing among nervous and hesitant bureaucrats," officials so uncertain about what they can legally share that they default to sharing nothing at all.

What Happens When Data Doesn't Follow People

The human cost of this fragmentation is documented in coroner's inquests, ombudsman reports, and public inquiries that have, in several cases, identified data system failures as direct contributors to preventable harm.

In domestic violence services, the 2022 Renfrew County inquest into three femicides produced 86 recommendations identifying how intimate partner violence data remains fragmented across police, probation, victim services, shelters, and courts with no integrated sharing mechanism. Canada still has no national child welfare death registry. Each province counts (or doesn't count) child welfare deaths differently. There is no mechanism for tracking what happens when a family moves from one jurisdiction to another.

These are not isolated failures. They are symptoms of a system that was never designed to share information across the boundaries that vulnerable people cross constantly. The pattern, as our analysis of systems-level data and social inequities has explored, is one where fragmented data makes entire populations invisible to the systems meant to serve them.

Indigenous Data Sovereignty Is Not an Obstacle, It's a Model

Any serious discussion of cross-jurisdictional data sharing in Canada that treats Indigenous data governance as a complication to be managed has the analysis backwards. First Nations, Inuit, and Métis peoples each maintain distinct data governance frameworks that represent some of the most sophisticated thinking in the country about how data should be governed. We've written at length about how social services can implement software and technology that upholds the First Nations principles of OCAP®, and the principles explored there are directly relevant to cross-jurisdictional design.

The First Nations principles of OCAP® (Ownership, Control, Access, Possession), established in 1998 by the First Nations Information Governance Centre, assert collective First Nations ownership over community data, control over research processes from design to dissemination, guaranteed access to information held about them regardless of where it resides, and physical possession of their data. FNIGC describes OCAP® as a political response to colonialism and decades of data collection conducted without First Nations knowledge or consent.

Inuit Tapiriit Kanatami's National Inuit Strategy on Research, launched in 2018, calls for Inuit access, ownership, and control over data and information, while recognizing four distinct regional governance structures. The Métis National Council has advanced its own data governance principles through a memorandum of understanding with CIHI to integrate Métis ownership and stewardship into health data systems.

These frameworks offer a genuinely useful precedent. They demonstrate that data governance does not require centralization. Data can be shared across organizational boundaries while the communities it describes retain authority over how it is used. That principle, sovereignty over data combined with governed interoperability, is precisely what the broader social services sector needs to build. Rather than treating Indigenous data governance as friction in a cross-jurisdictional system, the sector should recognize it as a design pattern.

Health Data Has a Strategy. Social Services Has Nothing.

The contrast with health is instructive. Canada has invested substantially in health data infrastructure. The Canadian Institute for Health Information (CIHI) serves as a pan-Canadian standards and data body. The Pan-Canadian Health Data Strategy, backed by nearly $200 billion in federal health funding over ten years (announced February 2023), includes a Health Data Charter, an Interoperability Roadmap, and CIHI's Canadian Core Data for Interoperability framework defining standardized data elements across healthcare systems.

No equivalent exists for social services. No pan-Canadian social services data strategy. No standards body. No interoperability roadmap. No data charter. The federal government's own Social Assistance Statistical Report warns that its data "should not be used for the purpose of cross-jurisdictional comparison" because of extensive variations in data collection, reporting, definitions, and terminology across provinces.

Other federated countries have built what Canada has not. New Zealand's Integrated Data Infrastructure (IDI), operated by Stats NZ since 2011, links de-identified data on approximately 10 million individuals across health, justice, education, housing, social welfare, tax, and census datasets. Australia's Data Integration Partnership invested A$130.8 million over three years to build cross-jurisdictional data linkage across 20+ Commonwealth agencies. Estonia's X-Road connects over 1,000 databases supporting 1,700+ services through a decentralized, secure data exchange layer. The EU's Interoperable Europe Act (in force April 2024) mandates interoperability assessments before IT changes and targets fully interoperable public services by 2030.

These are not technologically superior countries. They are countries that made a political decision to treat data interoperability as essential infrastructure. The digital transformation lessons emerging from the social sector reinforce this: technology adoption without governance alignment produces fragmentation, not integration.

Trust Is the Infrastructure That Comes Before Technology

The technology to enable cross-jurisdictional data sharing already exists. The Human Service Data Specification (HSDS), developed by the Open Referral Initiative, provides a common data format for community resource directories and has been adopted as a national standard in the UK. Federated data models, where agencies retain sovereignty over their data while enabling authorized cross-jurisdictional queries, have been proven in Canadian health data centres. Privacy-enhancing technologies allow analysis across datasets without moving individual-level data between organizations.

At the same time, technology deployed without trust produces new forms of harm. For Indigenous peoples, this is not an abstract concern. The Canada School of Public Service acknowledges that under the Privacy Act, the Crown retains unilateral control over Indigenous data with no obligation to consult the communities affected. Indigenous Services Canada's own audit found gaps in ISC's data governance, including no complete data quality framework. Against that history, OCAP® is not bureaucratic friction. It is essential self-protection.

For people accessing social services more broadly, those experiencing homelessness, fleeing violence, or navigating immigration, data has often been used to deny benefits, justify policing, or separate families. The Stanford Social Innovation Review put it plainly in 2025: distrust of data systems is deserved, built on decades of experiences where people's data has been used to harm them. Building cross-jurisdictional data sharing without building trust with the people whose information flows through these systems will fail practically, because people will withhold information or avoid services entirely.

Taken together, Canada's social services data challenge is not primarily a technology problem. It is a governance problem, a trust problem, and an investment problem. The sector that serves the most vulnerable people in the country operates with the least developed data infrastructure. Health has CIHI, a pan-Canadian strategy, and billions in interoperability funding. Social services has a patchwork of provincial systems that the federal government itself says cannot be compared across jurisdictions.

What is required is structural: a pan-Canadian social services data institution with a mandate for standards and interoperability, Privacy Act modernization that enables responsible cross-program sharing, Indigenous data governance as a foundational design principle rather than an afterthought, investment in federated technical infrastructure and open standards, and genuine community governance over data that earns trust rather than demanding it.

Every year of delay means more people retelling their stories at every new intake desk, more children falling through jurisdictional gaps, and more inquiry recommendations gathering dust. Canada has the conceptual foundations and the technical capacity to build a federated data governance framework for social services. What it lacks is the political will to treat this as the infrastructure priority it is.