Personal data collection plays a key role in the management of government programs and activities. The general approach of the Privacy Act is to create silos of personal data between federal government programs and between federal institutions and other jurisdictions to protect the privacy of individuals` information. This means that the personal data stocks of each public institution are separated on the basis of programs or activities. In addition, the process of exchanging personal data between the parties. B, such as mail, fax, telephone, electronic file transmission or Internet access, whether it is a „push“ (given to the other party) or a „pull“ (supported by the other party), as well as the frequency with which they are delivered – in real time, in delivery or ad hoc application – must also be accepted by the parties. This includes all security measures to ensure data security during and after transmission, such as. B encryption, password protection or authentication. Such measures must be fully documented in the agreement. Often, these measures are included in a separate timetable, attached to the agreement, to allow for a flexible amendment if the measures are amended. The Data Protection Act and associated TBS guidelines provide the following standards for the collection, accuracy, use, disclosure, retention and provision of personal data.

According to the collection, Section 7 of the Data Protection Act allows the use of personal data by a federal government institution: of course, one should not share with other institutions, but first consider the use of personal data that exists within the institution, but which is held by another branch or other program area. Information can be shared between programs: audit procedures help to ensure that the parties to an agreement respect the terms of the agreements. While it is inause ways for the Canadian government to conduct audits of the practices of the information directorate of staff in another country, it is not unreasonable to ask the other country to provide the other country with information on internal controls relating to the protection of personal data and/or the execution of data protection and security audits and to periodically provide copies of its audit reports. Some institutions may even wish to request specific audits on a pre-defined schedule. The transmission of personal data to other organizations will trigger the requirement for an IAP, unless the transfer is for non-administrative purposes, in which case the institution may comply with an internal protocol for the collection, use or disclosure of personal data for non-administrative purposes. The Department of Foreign Affairs and International Trade`s Contract Department provides an online resource for the search for contracts for which Canada has signed. The online resource also contains detailed information on the government`s contractual policies, including the steps departments must take to obtain an appropriate mandate to negotiate an agreement or agreement with a foreign state. It is good practice to properly document in the agreement the motivation for the non-request for consent or procedures for consent or notification of disclosure of persons. A test of the consistency of use or disclosure proposed is whether it is reasonable for the person who provided the information to expect it to be used in the proposed manner. This means that the original purpose and the proposed purpose are so closely linked that the person would expect the information to be used for consistent purposes, even if the use is not explained.