Treasury Board Information Sharing Agreement

AtIP will have an extensive statistical reporting and performance measurement system that will provide the data needed to complete the PPSC`s annual statistical report to TBS on the management of the data protection law by the PPSC. This information will also be supported by the PPSC at the meeting of its evaluation and audit requirements. The Data Protection Act does not prohibit the collection, use and disclosure of non-consensual personal data. The law focuses on the question of authority. If there is a parliamentary power, it does not need to be approved. In the provision of law enforcement services, it is not necessary to obtain the consent of an individual for the collection, use or disclosure of personal data. 2) Information sensitivity: it is necessary to determine what type of information is involved in the information exchange project. Is this obviously of a very sensitive personal nature or does it seem to be rather harmless information? Is the information very current and, for that reason, more sensitive, or has that sensitivity diminished over time, so that, in certain circumstances, disclosure would not result in a measurable invasion of the privacy of individuals? Could disclosure of information, after a certain period of time, reopen old wounds? Under the TBS Data Impact Assessment Directive, institutions are required to conduct a data protection impact assessment when a new program or service involves the collection, use or disclosure of personal data or where a substantial change is made to an existing program or service. These include the exchange of personal data between legal systems. A data protection impact analysis will help ensure that information exchange activities comply with data protection law and that steps are taken to reduce potential data protection risks. This exemption is intended to improve the exchange of information between the Canadian government and the private sector. Given that the private sector owns or operates more than 85% of Canada`s critical infrastructure, this information is needed to get an accurate picture of the IC`s resilience in Canada.

In order to prevent unauthorized disclosure, reproduction, use or modification of the information provided under the agreement, recipients must restrict access to this information on the basis of the need to learn and use recognized security mechanisms, such as passwords, encryption, audit trails or other appropriate security measures, in order to prevent and discourage unauthorized access. Under the Access to Information Act and the Privacy Act, information provided confidentially by other governments is subject to a mandatory exemption, which is subject to a disclosure discretion with authorization or where the government that received the information makes the information public. It is therefore strongly recommended that a consultation procedure be put in place by the agreement to respond to access to information requests or the Data Protection Act. The agreement could contain, for example. B, a provision requiring parties to consult with each other when they receive a request for access from the person entitled to the information to determine whether the party who provided the information would agree to disclose it. In addition, the following guidelines propose a decision-making process that will help institutions decide whether to provide personal data. If necessary, the reader can use the “bookmark links” to read further explanations in section 6 of the document. Note: Some decisions regarding the disclosure of personal data, referred to in paragraph 8, paragraph 2, of the Data Protection Act, are more complex than others.