The Department of Immigration and Citizenship Act is another example of legislation that authorizes the transfer of personal data outside of Canada. The Act allows the Minister of Citizenship and Immigration to enter into agreements with governments and international organizations to facilitate the formulation, coordination and implementation of policies and programs under the Minister`s jurisdiction, including the collection, use and disclosure of information. The Canadian Security Intelligence Service Act allows the service (known as CSIS) if it has the consent of the appropriate minister to enter into agreements after consultation with the Minister of Foreign Affairs, or to cooperate with the government of a foreign state, an institution of that state or an international state organization. This cooperation could, of course, include the transfer of personal data held by state institutions through Canadians or other foreigners. It is good practice to properly document in the agreement the motivation for the non-request for consent or procedures for consent or notification of disclosure of persons. This allows personal data to be disclosed to researchers acting on behalf of listed companies when they are involved in the local claims process. Researchers must be accredited for such research and sign a written agreement that they formally hold responsible for protecting the privacy of individuals. The search and execution application form can be used as an ISA for this purpose. The Registration Authorities Control System (RDACS) is an information system that contains summary descriptions of management agency datasets granted by the librarian and archivist to federal institutions, as well as online copies of relevant documentation. It contains descriptions of more than 2,200 authorities. RDACS is available to federal institutions on rdacs-syscad.lac-bac.gc.ca/index_en.html. In particular, the Commission wants the government to implement recommendations 2, 9, 12 and 13 of Justice O`Connor`s September 2006 report, not only with respect to the exchange of information by the Royal Canadian Police, but also with respect to the exchange of information by any Canadian authority involved in the protection of national security. These recommendations are described below.
It is also a proven method for the institution to clearly identify in advance all the purposes for which personal data can be used or disclosed, including secondary uses. Any prohibition on the secondary use or subsequent disclosure of information may also be carefully considered and agreed upon by the parties in order to avoid any conflict or misunderstanding with the applicable legal provisions of any jurisdiction, including access and data protection laws and other relevant laws. Of course, instead of sharing with other institutions, we should first think about the use of personal data that exists within the institution but is held by another branch or program area. Information can be shared between programmes: the information provided in point 8.2 of the Data Protection Act is “subject to other laws of Parliament.” The references to paragraph 8, paragraph 2, generally do not apply where a statute expressly prohibits the disclosure of information, except in the circumstances of this Act. Below are the most frequently cited provisions of Section 8, paragraph 2, which are used by state institutions to transmit personal data to another level of government without the consent of the person concerned. 3.1.8 For ad hoc analyses, these instructions should be followed. Although the principle of “minimum collection” is not explicitly mentioned in the legislation, the principle of the Data Protection Act is that an institution should collect only the minimum amount of personal data necessary for the programme or activity envisaged.