I might add, too, that the question suggested some kind of deliberate transfer of data for the purposes of trade or law enforcement or whatever, but in fact data frequently travels through the States between one Canadian location and another. The routing system can take data into the United States and then return it to Canada. This can be even between two locations in the same city, but it goes through the U.S. In those circumstances, the possibility that the individual's information is subject to American law and therefore doesn't have any kind of protection for the individual is true as well. It happens incidentally as data is routed into the United States.
On June 14th, 2016. See this statement in context.