Isa Information Sharing Agreement

Another alternative is the depersonalization of information; However, if this is used, it should not be possible to re-link the information to identifiable individuals. Institutions should also be assured, as far as possible, that the receiving party will not attempt to reintegrate persons. With respect to the transfer of personal data abroad, it is recommended that federal government institutions consider the potential data protection risks associated with foreign anti-terrorism laws such as the U.S. Patriots Act. A foreign law could circumvent the restrictions or reservations imposed on the recipient regarding the continued use or disclosure of shared personal data. Any agreement on the systematic exchange of information between different processing managers must be registered in the format of an information exchange agreement, whether or not there is a comprehensive declaration of intent. In addition, the following guidelines propose a decision-making process that will help institutions decide whether to provide personal data. If necessary, the reader can use the “bookmark links” to read further explanations in section 6 of the document. In Chapter IX of his September 2006 report on events related to Maher Arar: Analysis and Recommendations, Justice O`Connor made several recommendations in which he followed the process to be followed when dealing with countries with questionable human rights practices.

For example, it recommended that decisions on the receipt of information from such a country be made on a case-by-case basis in order to be accountable. Canadian officials should always exercise caution to avoid measures that appear to tolerate or encourage human rights violations. With the exception of Sections 6, 7 and 8 of the Data Protection Act, which deal with retention, availability, accuracy, use and disclosure, there is no specific provision of the act that focuses on the protection of personal data. Any protection offered to personal data is incidental to the main purpose of these sections and would apply if the state institution retained control of personal data.