Information Sharing Agreement Ontario

By markelton, December 10, 2020

In addition, safeguards should take into account measures that may be necessary to respond to data security or data protection violations, including notifying stakeholders. More information about this can be found in TBS` privacy policy. The decision to disclose personal data must be made by the designated decision maker in accordance with the legal authority provided by the Disclosure Authorization Act. With the exception of Sections 6, 7 and 8 of the Data Protection Act, which deal with retention, availability, accuracy, use and disclosure, there is no specific provision of the act that focuses on the protection of personal data. Any protection offered to personal data is incidental to the main purpose of these sections and would apply if the state institution retained control of personal data. Entering an ISA with a foreign country will almost certainly require a federal institution or the Government of Canada to protect the privacy and confidentiality of information received from Canada. This may impose resource requirements on federal institutions to meet the obligations of adequate information protection. In addition to data protection rights under Sections 7 and 8 of the Canadian Charter of Rights and Freedoms, Section 7 of the Rights to Life, Liberty and Security of the Person may be violated when information is shared with other countries. For more information, please visit sections 6.9.1 and 6.9.4.

This TBS guide focuses on consultation in the preparation of federal information exchange agreements involving the exchange or exchange of personal data. TBS used some of the privacy principles and practices mentioned in the Subcommittee on Data Protection document, so we would like to thank the subcommittee for its innovative work in this area. If the objective cannot be achieved using unidentifiable personal data, institutions should explore alternative approaches to reduce or eliminate data protection risks. Institutions should only consider discretionary disclosures when they are authorized by federal law and have a clear and justified purpose. The need for the recipient to obtain the information should not be confused with administrative comfort; It should be clear that personal data is directly related to a program or activity that the recipient is responsible for managing. The underlying principle is that personal information should not be disclosed solely because it would be useful or “nice to know”. Disclosure of personal data means that one or both parties can communicate or collect personal data. Given the impact it has on privacy, institutions should consider whether there are other approaches to the exchange of personal data with other institutions.