Editor’s Note: The Action Plan, issued jointly by Public Safety Canada (Sécurité Publique Canada), Department of Justice Canada (Ministère de la Justice Canada), US Department of Homeland Security and US Department of Justice, is attached here. The Information Security section of the document is reprinted below.
5. Information Security
Personal information is to be protected by appropriate technical, security and organizational procedures and measures to guard against such risks as loss; corruption; misuse; unauthorized access, alteration, disclosure or destruction; or any other risks to the security, confidentiality or integrity of the information. Only authorized individuals with an identified purpose are to have access to personal information.
Canada: U.S. Security Perimeter Privacy Principles
From: Mondaq
Article by Timothy M. Banks/Fraser Milner Casgrain LLP
As Canadians were getting ready to head off for a long-weekend, Canada and the U.S. released a Statement of Privacy Principles intended to govern sharing of information between the two countries in connection with the Canada-U.S. Security Perimeter agreement.
Canada and the U.S. have expressly declared that the Statement of Privacy Principles is non-binding and does not create any rights or obligations under domestic or international law. Accordingly, its utility appears to be limited to a guiding statement of intentions.
There are twelve principles. Three are particular worthy of noting:
Permission for Onward Transfers to Third Countries. Information shared by Canada with the United States (or by the United States with Canada) may be shared with third countries. For example, data shared by Canada with the U.S. may be shared with a third country if onward sharing would be consistent with the domestic law of the United States and any sharing conforms to international agreements and arrangements between the United States and third countries. If there are no applicable international agreements, the originating country (in our example, Canada) is supposed to be notified of the information transfer.
Redress. Canada and the United States are supposed to provide for remedies where a person’s privacy has been infringed by international sharing or where there has been a violation of data protection rules with respect to that individual.
Individual Access and Rectification. Canada and the United States are supposed to provide individuals with access to personal information as well as the ability to seek rectification and/or expungement of their personal information. If access is to be limited, the country restricting access is supposed to provide specific grounds consistent with domestic law.
Leave a Reply