For more information, please see Chapter 2-4 of the Treasury Board Manual on Privacy and Data Protection. Another alternative is the depersonalization of information; However, if this is used, it should not be possible to re-link the information to identifiable individuals. Institutions should also be assured, as far as possible, that the receiving party will not attempt to reintegrate persons. The CPH will continue to provide information and updates or consultations with WHO and other third parties regarding a potential PHEIC or PHEIC to the CCMOH and PHNC. Under the Data Protection Directive, officials of state institutions must define the practices of managing and protecting personal data under their control to ensure that the data protection law is managed consistently and fairly. The TBS Data Protection Practices Directive supports the directive by setting out the requirements for good data protection and personal data management requirements. Together, the Data Protection Directive and associated guidelines and guidelines are the instruments on which a strong privacy management strategy within government institutions is based. It is also a proven method for the institution to clearly identify in advance all the purposes for which personal data can be used or disclosed, including secondary uses. Any prohibition on the secondary use or subsequent disclosure of information may also be carefully considered and agreed upon by the parties in order to avoid any conflict or misunderstanding with the applicable legal provisions of any jurisdiction, including access and data protection laws and other relevant laws. may inform the United States and Mexico of the exchange of information with these countries, in accordance with the trilateral cooperation of the Canadian government. Even if disclosure was a “consistent use,” there is nothing in the law that requires the state institution that holds the information to make it available to the applicant government organization. The decision to disclose the information is discretionary and only the appropriate official can decide whether to exercise discretion in disclosure of information. Before disclosing personal data, federal institutions can ensure that the recipient country provides an adequate level of protection.
The adequacy of the level of data protection in the other country can be determined by an examination of a number of factors, including the nature and sensitivity of the data, the purpose of the disclosure, the legislation and the security measures used to protect information in the other country.