Personal data that has been modified so that the identity of the person concerned can no longer be established is classified as depersonal information. This can be achieved by removing identifiers such as a person`s name, date of birth and other personal data that may be related to the person. Whatever the means of depersonalizing the data, any new identification should be made impossible, i.e. other data, even when combined with other sources, should not allow the link with people. A foreign government organization is not subject to the Canadian data protection laws it receives from a Canadian government institution (cross-border data flow). As a result, the risks of data protection associated with the transmission of personal data with foreign countries are generally considered to be higher than when transmitting personal data to a provincial, regional or local government in Canada. Such risks are particularly important when the foreign organization is not bound by data protection laws or by a binding system that is essentially akin to the federal data protection law. Another problem raised by the International ISA is that anti-terrorism legislation abroad carries potential privacy risks. This could mean, for example, that a foreign law could circumvent the restrictions or reservations imposed by the public body for the continued use or disclosure of personal data. Many countries have anti-terrorism laws and security measures that are similar to those of the U.S. PATRIOT Act. In such cases, a federal institution may impose additional conditions on the recipient.

B, such as the separation of disclosed data from its other records or the Council of Canada, where the information is to be disclosed in accordance with foreign law, if possible. Health System Integration – Data Exchange Requirements Institutions should only consider discretionary disclosures where they are approved by federal law and have a clear and justified purpose.

Be Sociable, Share!