We intend to post details about our information sharing agreements if, in the meantime, you have any questions about any agreements we may have, please contact the data protection team. Other laws, such as the Canada Pension Plan Act, the Security of Ancient Ages Act and the DNA Identification Act, to name a few, also contain restrictions or prohibitions on the disclosure of personal data. Marking or watermarking information shared, especially when it comes to sensitive information, is a way to ensure that information is processed in a way that respects the terms of the agreement. For example, prior to disclosure, all personal information may be accompanied by a title or watermark “Gain trust in accordance with the agreement (title of the agreement)” or something that reflects the agreement between the parties. It would also help to identify the source of an unauthorized dissemination. Government institutions should clearly define in advance the purpose of an information exchange initiative and then consider whether the transfer of personal data is the best way to achieve this. Subsection 8 (2) (f) – Provinces, Foreign States and International Bodies: This paragraph permits the transfer of personal data to provincial and foreign governments and international bodies responsible for the management or enforcement of laws or the conduct of legal investigations when the disclosure is made under the terms of an agreement or understanding. Retention of personal data: In accordance with subsection 6 (1) of the Data Protection Act and sub-section 4 (1) of the Regulation, personal data used by a government institution for administrative purposes is retained by that government institution for at least two years after the last use of the information, unless the data subject accepts his or her previous decision. The law also requires that, when a request for access to personal data has been received, the institution retains the information until the person has the opportunity to exercise all legal rights (e.g.B. The right of recourse, the application for judicial review, etc.). The obligation to retain personal records would apply even if the records are relevant to an Access to Information Act application. If the proposal involves the sharing of particularly sensitive information, the Parties may even require the implementation of a threat assessment, risk assessment or similar security assessment in order to identify potential risks related to the exchange activity and develop strategies to reduce them as a precondition for sharing. .