2014 Census Program Test - Privacy impact assessment

Introduction

The next census will be conducted in May 2016. As one of Statistics Canada’s major statistical programs, the census requires careful planning to ensure its successful completion. An essential element to ensuring its success is the census test, traditionally scheduled two years prior to the census.

The 2016 Census of Population and the 2016 National Household Survey will likely include new content, as well as modifications to data collection procedures employed for the 2011 Census Program. The 2014 Census Program Test is designed to:

  • evaluate the impact of content changes on data quality, where content is defined as wording of questions and response categories, paper questionnaire format and usability, and the functionality and usability of electronic questionnaire applications
  • validate intended system functionality through a live test with the opportunity to observe the behaviour of staff when using the new systems, procedures and tools.

Objectives

The 2014 Census Program Test privacy impact assessment (PIA) identifies the privacy risks and associated mitigation measures planned for the 2014 Census Program Test, including a content test associated with the mandatory census questionnaire and the voluntary National Household Survey (NHS), as well as a field procedures test to validate modifications to the associated field procedures.

The PIA document summarizes Statistics Canada’s assessment of the privacy implications of the 2014 Census Program Test. This assessment complements the privacy impact assessments completed for the 2006 and 2011 censuses. It includes a review of the 10 privacy principles as they apply to the 2014 Census Test. Also included is an assessment of the risks to the privacy, confidentiality and security of respondents’ information as well as employees’ information with respect to staff engaged for field operations.

The PIA also identifies the risk areas and categorizes the level of potential risk (level 1 representing the lowest level of potential risk and level 4, the highest) associated with the collection and use of personal information.

Personal information of respondents:

  • Type of program or activity – Level 1: Program or activity that does not involve a decision about an identifiable individual.
  • Type of personal information involved and context – Level 3: Social insurance number, medical, financial, or other sensitive personal information, or the context surrounding the personal information is sensitive; personal information of minors or of legally incompetent individuals or involving a representative acting on behalf of the individual.
  • Program or activity partners and private sector involvement – Level 4: Private sector organizations, international organizations or foreign governments.
  • Duration of the program or activity – Level 1: One-time program or activity.
  • Program population – Not applicable: The program’s use of personal information is not for administrative purposes. Information is collected for statistical and related research purposes, under the authority of the Statistics Act.
  • Personal information transmission – Level 4: The personal information is transmitted using wireless technologies.
  • Technology and privacy: Systems employed for the 2014 Census Test are based on the technology approaches employed for the 2011 Census and the 2011 National Household Survey. The systems have been redeveloped to take advantage of updated technology and to introduce additional functionality identified through the evaluation of the 2011 Census Program.
  • Privacy breach: There is a very low risk of personal information being disclosed.

Personal information of personnel:

  • Type of program or activity – Level 2: Administration of program or activity and services.
  • Type of personal information involved and context – Level 3: Social insurance number, medical, financial, or other sensitive personal information, or the context surrounding the personal information is sensitive; personal information of minors or of legally incompetent individuals or involving a representative acting on behalf of the individual.
  • Program or activity partners and private sector involvement – Level 2: With other government institutions.
  • Duration of the program or activity – Level 1: One-time program or activity.
  • Program population – Level 1: The program's use of personal information for internal administrative purposes affects certain employees.
  • Personal information transmission – Level 4: The personal information is transmitted using wireless technologies.
  • Technology and privacy: Systems employed for the 2014 Census Test are based on the technology approaches employed for the 2011 Census and the 2011 National Household Survey. The systems have been redeveloped to take advantage of updated technology and to introduce additional functionality identified through the evaluation of the 2011 Census Program.
  • Privacy breach: There is a very low risk of personal information being disclosed without proper authorization.

Conclusion

Though a number of potential privacy concerns were identified, the privacy impact assessment provides information on how these are being addressed. The PIA concludes that appropriate mitigation measures have been implemented or are planned and that remaining risks are either negligible or are such that Statistics Canada is prepared to accept and manage the risk.