Information Sharing Agreement Canada

By on September 24, 2021.

In many cases, however, sharing may be allowed, but is not required by law and therefore depends on the measure. Note: In some cases, the power to collect personal data is clearly defined by law. The Income Tax Act is a good example of this. However, in most cases, the institution`s enabling law concerns only an operational programme or activity. In still other cases, the institution`s enabling law may not contain a specific reference to a specific programme or activity, but a strong argument can be put forward that the programme to be examined or the activity to be examined is compatible with and promotes the legal mission of the institution. To the extent possible, personal information transmitted by one government organization to another party should be carried forward rather than pulled. This means that instead of giving access to the database containing personal data, the institution would transmit the information or data to the other jurisdiction in the manner provided for in the agreement and at the times and data provided for in the agreement. The programme area, which controls the personal data to be shared, can check, together with the Department`s Council of Data Protection Experts and Legal Experts, whether disclosure is appropriate. Canada is already a signatory to numerous bilateral and multilateral international treaties with other countries that involve the exchange of personal data, such as customs, extradition, taxation and immigration. A federal government institution should consult with both its legal services and the Department of Foreign Affairs and International Trade to consider whether to launch an information-sharing initiative with the participation of a foreign country. The objective is to reach an agreement consistent with Canada`s foreign policy and to ensure that the ISA respects the principles of international and Canadian law and complies with the requirements of the government`s contractual policy.

Section 3 of the Data Protection Act defines personal data as “information relating to an identifiable person recorded in all its forms, including without limiting the generality of the above: in the event of questions, challenges or disagreements related to an issue related to an agreement, it is recommended to include clauses to provide a dispute resolution mechanism. For example, when an organisation has collected personal data from another organisation for specific purposes (e.g. B program “A”) it should not use them for any other purpose (e.g. program “B”) without the consent of the individual or proof that it is covered by the provisions of subsection 8 (2) of the Data Protection Act for the same purpose, consistent use (see below) or other purposes. Although the principle of “minimum collection” is not explicitly mentioned in the legislation, the principle of the Data Protection Act is that an institution should collect only the minimum amount of personal data required for the proposed programme or activity. Institutions should have administrative controls in place to ensure that they do not collect more personal data than is necessary for related programmes or activities. They must have parliamentary authority for the program or activity in question and have a demonstrable need for any personal information collected for the implementation of the program or activity. mandatory obligation – subject to (b) to use only public health information provided by another Contracting Party under this Agreement for the purposes listed in the approved Annex governing such information; Paragraph 8 (2) (a) – Original purpose and uniform use: This paragraph gives government institutions the power to disclose personal data when necessary to achieve the purpose for which the information was obtained or collected, or for consistent use for that purpose. When institutions first consider a data exchange initiative, they should ensure that it is legal.. .