Contents
- Section 1: Overview
- Section 2: Risk Area Identification and Categorization
- Section 3: Analysis of the Personal Information Elements for the Program or Activity
- Section 4: Flow of Personal Information for the Program or Activity
- Section 5: Privacy Compliance Analysis
- Principle 1: Accountability
- Principle 2: Limiting Collection
- Principle 3: Direct Collection and Purpose Identification
- Principle 4: Retention
- Principle 5: Accuracy
- Principle 6: Disposal
- Principle 7: Limiting use
- Principle 8: Limiting Disclosure
- Principle 9: Safeguards
- Principle 10: Openness
- Principle 11: Individual Access
- Section 6: Threat and Risk Assessment
- Section 7: Summary of Analysis and Recommendations
- Section 8: Breach protocol
- Section 9: Supplementary Documents List
- Appendix 1 – PIA Summary
- Appendix 2 – Notification Statements for Survey Respondents
Section 1: Overview
Responsible department: Statistics Canada
Chief Privacy Officer: Director, Office of Privacy Management and Information Coordination
Subject-matter manager: Director, Collection, Planning and Research Division
Senior official: Assistant Chief Statistician, Census, Regional Services and Operations Field
Legal authority: Statistics Act
Reference to Personal Information Bank (PIB):
PIB – N/A
Project Description:
Under the authority of the Statistics ActFootnote 1, Statistics Canada is integrating a NetSupport quality control and performance management tool to its Data Collection and the Quality Control Monitoring Program.
Data Collection and the Quality Control Monitoring Program
Statistics Canada has the legislative mandate to collect, compile, analyse, abstract and publish statistical information relating to the commercial, industrial, financial, social, economic and general activities and condition of the people. Its two main roles are to provide statistical information and analysis about Canada's economic and social structure as well as to promote sound statistical standards and practicesFootnote 2.
To fulfill this mandate, the agency conducts interviews to collect survey information from respondents. This collection occurs on various topics and may be conducted by Statistics Canada employees via interviews amongst other methods. Statistics Canada data collection clerks will ask questions to a respondent by phone or in person and enter that information into the agency's secure collection softwareFootnote 3.
Efficient Statistical survey operations requires that data collection clerks have good interviewing skills. They must simultaneously maintain a good rapport with the respondent, understand the survey concepts, categorize the responses correctly, and enter the data accurately in the production environment. When data collection clerks are consistent in their delivery, Statistics Canada has assurance that the data is of high quality and can be compared across survey responses.
Monitoring of these activities provides an opportunity to evaluate the data collection clerks' skills, ensure data quality and identify areas for improvement in the interviewing process. It involves a third person, the monitor, who unobtrusively listens, observes, and assesses the interaction between the data collection clerk and the respondent. The NetSupport tool will give supervisors the ability to see the desktop screen of data collections clerks while listening to these interactions. Data collection supervisors are trained on how to evaluate these interactions and on how to provide constructive feedback to data collection clerks.
The tools and processes used for delivering feedback to data collections clerks are already part of a performance management framework that exists independently of NetSupport. While the NetSupport tool will be used in conjunction with other components of the quality control program, there are no technical or system linkages between it and other applications used for performance management.
Employees typically receive information regarding monitoring procedures through workplace policies and guidelines. Federal government public servants are advised to utilize government-provided equipment responsibly when carrying out their designated job responsibilities. This responsible usage is integral to fulfilling their duties effectively. Data collection clerks are made aware of the possibility of being observed via their Collective Agreement:
Article 60: call centre employees
60.01 Employees working in call centres shall be provided five (5) consecutive minutes not on a call for each hour not interrupted by a regular break or unpaid meal break.
60.02
- All call centre employees shall be provided the opportunity to participate in at least one (1) day of facilitated training on crisis intervention. In addition, new employees will also receive facilitated training on coping skills upon initial hire.
- All call centre employees shall be provided the opportunity to participate in a minimum of two (2) days of training annually on matters related to working in a call centre, such as training to reinforce coping skills.
60.03 Call monitoring is intended to improve performance by providing guidance and feedback to the employee and shall not be used for disciplinary purposes.
60.04 Coaching and development feedback resulting from call monitoring shall be provided in a timely and meaningful fashion.
Data collection clerks are also made aware of monitoring via the training they receive. For example, data collection clerks are asked to review applicable sections of the Quality Control Monitoring handbook as part of their training requirements.
The premise behind the ability to supervise discreetly and without detection is to allow supervisors to observe data collection clerks as they would naturally conduct an interview if they were not supervised. Any monitoring conducted by Statistics Canada is done in accordance with the Privacy Act and other relevant privacy laws, and respects the data collection clerk's and respondent's privacy rights. Respondents of Statistics Canada surveys are made aware of monitoring at the beginning of the interview. There is a standard statement in our survey scripts that indicates a supervisor may listen to the call for quality control purposes. When read by the data collection clerk during the interview, this equally serves as a reminder to the data collection clerk that the survey they are conducting may be monitored. The interview scripts also include statements that inform the respondent that any information they provide during the call is collected under the authority of the Statistics Act. When the data collection clerk reads these mandatory statements, it provides the opportunity for the respondent to make an informed decision to continue with the survey or refuse to participate (See Appendix 2).
NetSupport
NetSupport is a remote-control software, allowing remote screen access from a Windows device. The NetSupport application will reside on Statistics Canada's Azure Virtual Desktop (AVD) infrastructure, with access to the application being restricted to users involved in Data Collection within Statistics Canada's regional office (i.e., data collection supervisors and managers). These users are identified via Active Directory security groups, updated manually for hires and departures by Quality Control Monitoring Program administrators. Employees who will be subject to observation will be Statistics Canada data collection clerks conducting telephone surveys. No information that is viewed through NetSupport will be recorded or saved within the application.
The NetSupport application will require a password to access and this password will be aligned with all relevant guidance found within the Government of Canada's Password Guidance. The NetSupport application is inaccessible for any users without an internal Statistics Canada user account and the password to access the NetSupport application. External users are not granted access to NetSupport.
The purpose for using the NetSupport software is to provide Statistics Canada data collection clerks with the necessary training, support and coaching they need to meet Statistic Canada's standards for data quality control. This tool will allow supervisors to be able to conduct visual observation in real-time of their data collection clerk's desktop as they conduct their collection activities over the phone. It enables supervisors to provide detailed and timely feedback to data collection clerks about their performance based on their observations, which is crucial for the effectiveness of the Quality Control Monitoring Program.
The NetSupport software allows supervisors to provide comprehensive feedback to staff on core competencies in areas that cannot be addressed by auditory observation alone. For example, NetSupport enables supervisors to perform the crucial step of verifying in real-time that data collection clerks are entering data correctly during interviews, coding cases appropriately and following survey procedures. The absence of visual observation for monitoring puts significant limitations on the ability of the regional offices to conduct performance management for staff who conduct telephone surveys. These limitations directly impact the ability to ensure the highest quality data is being collected at all times.
The uses of personal information from telephone interviews are addressed by the Generic Privacy Impact Assessment for Statistics Canada's Statistical Programs. No additional uses of personal information from these interviews will be generated by the use of NetSupport. For instance, the NetSupport application will not be used to record, collect, retain, or disclose any personal information. Privacy concerns related to those purposes fall under the umbrella of Statistic Canada's data collection activities and are thus considered out of scope for this assessment.
Furthermore, the proposed use of NetSupport does not change the current framework for the Quality Control Monitoring program. Therefore, the practices, procedures and tools for monitoring that were in place under existing privacy impact assessments will not be re-assessed in this document (see Computer-Assisted Personal Interviewing Monitoring Program – Privacy impact assessment summary, now covered under the Generic Privacy Impact Assessment for Statistics Canada's Statistical Programs).
Impacts of NetSupport and Justification
Although NetSupport will not be saving or recording any personal information, users of the software will have access to view the respondent's personal information while it is visible on the data collection clerk's screen. This may contain personally identifiable information such as names, addresses, ages, and other demographical information, as well as responses to our survey questions. Given the confidential nature of this information, the use of NetSupport will be restricted to supervisors and managers who have a need-to-know, and have taken the Statistics Canada Oath of OfficeFootnote 4. These employees receive training on how to handle and protect confidential information that is subject to the Statistics Act and the Privacy Act . This is reflected below, as per the Generic Privacy Impact Assessment for Statistics Canada's Statistical Programs:
Statistics Canada's activities are, by their very nature, privacy-intrusive. Statistics Canada is committed to respecting respondents' personal privacy by limiting collection, access and use of their personal information, and safeguarding their information at all times. Ensuring that appropriate security measures are in place to do so is critical to the Agency's mandate and its relations with respondents. Statistics Canada's commitment to keep, in trust, the information it obtains from the Canadian public is enshrined in both the Statistics Act and the Agency's policy suite and practices that frame its data collection, analysis and dissemination activities.
Since NetSupport will be used to monitor the activities of data collection clerks collecting information under the authority of the Statistics Act, the confidentiality provisions of the Act are applicable. This means that all privacy and security procedures and measures to protect the privacy and confidentiality of the information from a telephone interview are equally in place for observations made by supervisors via NetSupport.
In addition to the training and the Oath of Office, supervisors are expected to understand and abide by the Values and Ethics Code for the Public Sector and Statistics Canada's Code of Conduct at all times. The expected behaviours outlined in the Values and Ethics Code for the Public sector and Statistics Canada's Code of Conduct clearly outlines expectations relating to the obligation to abide by all of Statistics Canada and Treasury Board Secretariat policies and directives including but not limited to the standards of performance. Therefore, supervisors are well informed of the expectations for the use of the tool and ensuring they conduct their duties in a professional manner. Employees who are found to be in contravention of the Values and Ethics Code for the Public Sector or Statistics Canada's Code of Conduct may be subject to disciplinary action, up to and including termination of employment or criminal charges.
This assessment will illustrate the necessary precautions being taken to limit the risks involved with using NetSupport. Consideration for these measures will extend beyond the risks associated with the privacy of respondents and will also include mitigation strategies for privacy concerns of data collection clerks. For example, to reduce privacy risks for data collection clerks, the use of NetSupport will be limited to observing work-related performance only and for limited durations (e.g., 20 minutes per monitoring session). The user settings for users will also be restricted so that features that go beyond the purposes of monitoring performance will be disabled. Since the NetSupport application is customizable, Statistics Canada will ensure that features for audio monitoring, recording of audio or video will be disabled to ensure it meets security and privacy procedures.
Furthermore, permissions for user accounts will be standardized and aligned with internal security procedures. Statistics Canada is currently undergoing a Security Assessment and Authorization process with our internal Cyber Security teams. This process is focused on identifying any potential vulnerabilities to the application and to ensure NetSupport will be used in accordance with all relevant confidentiality, cyber security, and privacy provisions. Statistics Canada is committed to following the recommendations outlined in this Security Authorization and Assessment process to protect the privacy and enhance security of its users.
Section 2: Risk Area Identification and Categorization
The following table evaluates the aggregate risk of the proposed initiative against a suite of standard dimensions applicable to most Statistics Canada programs and activities. The numbered risk scale is presented in an ascending order: level 1 represents the lowest level of potential risk for the risk dimension; the fourth level (4) represents the highest level of potential risk for the given risk dimension.
Applicable risk level for each dimension is in BOLD.
| a) Type of program or activity Risk scale |
|
|---|---|
| Program or activity that does NOT involve a decision about an identifiable individual. | 1 |
| Administration of program or activity and services. | 2 |
| Compliance or regulatory investigations and enforcement. | 3 |
| Criminal investigation and enforcement or national security. | 4 |
| b) Type of personal information involved and context | Risk scale |
| Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. | 1 |
| Personal information, with no contextual sensitivities after the time of collection, provided by the individual with consent to also use personal information held by another source. | 2 |
| Social Insurance Number, medical, financial or other sensitive personal information or the context surrounding the personal information is sensitive; personal information of minors or of legally incompetent individuals or involving a representative acting on behalf of the individual. | 3 |
| Sensitive personal information, including detailed profiles, allegations or suspicions and bodily samples, or the context surrounding the personal information is particularly sensitive. | 4 |
| c) Program or activity partners and private sector involvement | Risk scale |
| Within the institution (among one or more programs within the same institution). | 1 |
| With other government institutions. | 2 |
| With other institutions or a combination of federal, provincial or territorial, and municipal governments. | 3 |
| Private sector organizations, international organizations or foreign governments. | 4 |
| d) Duration of the program or activity | Risk scale |
| One-time program or activity. | 1 |
| Short-term program or activity. | 2 |
| Long-term program or activity (ongoing). | 3 |
| e) Program population* | Risk scale |
| The program's use of personal information for internal administrative purposes affects certain employees. | 1 |
| The program's use of personal information for internal administrative purposes affects all employees. | 2 |
| The program's use of personal information for external administrative purposes affects certain individuals. | 3 |
| The program's use of personal information for external administrative purposes affects all individuals. | 4 |
| * The program's use of personal information is not for administrative purposes. Information is collected for statistical purposes, under the authority of the Statistics Act. | * |
| f) Personal information transmission | Risk scale |
| The personal information is used within a closed system (i.e., no connections to the Internet, Intranet or any other system and the circulation of hardcopy documents is controlled). | 1 |
| The personal information is used in a system that has connections to at least one other system. | 2 |
| he personal information is transferred to a portable device (i.e., USB key, diskette, laptop computer), transferred to a different medium or is printed. | 3 |
| The personal information is transmitted using wireless technologies. | 4 |
| g) Technology and privacy | |
|
Does the new or substantially modified program or activity involve implementation of a new electronic system or the use of a new application or software, including collaborative software (or groupware), to support the program or activity in terms of the creation, collection or handling of personal information? The NetSupport software will be used to support the existing quality control and performance management program of the regional offices. It will assist supervisors with fulfilling their responsibility of monitoring telephone interviews and provide performance feedback. It does not collect, use, retain or disclose any personal information. Aside from the request for the NetSupport Manager application itself, no new electronic systems or applications are needed to support the program in terms of the collection, use, retention or disclosure of personal information. |
|
|
Does the new or substantially modified program or activity require any modifications to information technology (IT) legacy systems? Yes, the application will need to be integrated into our networks to allow users to view the activity of the data collection clerks. This will require some modifications to our current firewalls in order to ensure this connection is established. Shared Services Canada (SSC) and Statistics Canada's IT partners have conducted preliminary testing and it has been confirmed that integration is feasible. |
|
|
Specific technological issues and privacy Does the new or substantially modified program or activity involve implementation of new technologies or one or more of the following activities:
Yes – it includes surveillance as an administrative tool to measure the performance (via visual observation) of Statistics Canada's data collection clerks. Since the information that may be accessed through NetSupport may potentially be personally sensitive for our respondents, it could be perceived as surveillance of respondents as there will be an additional person viewing their responses as they are submitted. To address this concern, the respondents will be made aware during the telephone call that a supervisor may be listening for the purpose of quality control. It is important to note that the surveillance purposes of the program are restricted to improving internal quality control practices only. For example, the NetSupport application will be used to observe if the data collection clerk is following procedures, entering data correctly and using appropriate techniques such as probing. The responses provided in a questionnaire by the respondent are not particularly relevant to the user who is accessing the information. They are a by-product of the quality control work, and not the main focus. Irrespective of the relevance of the data, all confidential information that is observed via NetSupport will be protected under the Statistics Act Oath of Office that is taken by the NetSupport user and the guidelines of the Values and Ethics Code. This protection applies to both the data collection clerk's activities and the respondent's participation. |
|
| A YES response indicates the potential for privacy concerns and risks, which will require consideration and, if necessary, mitigation. | |
| h) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee. | |
|
The potential risk of a privacy breach involving our organization's use of NetSupport is very low. The impact of a privacy breach on the individual or employee will be very limited due to the measures in place. Statistics Canada has legislation and practices that reduce and mitigate the potential risks involved in handling confidential information. Data Collection Supervisors will be using the NetSupport software for visual observation while conducting a monitoring session of the data collection clerk's telephone interview. These supervisors are deemed employees who have sworn an Oath of Office to protect the confidential information they encounter during their work activities. For their jobs, they handle and encounter confidential information on a daily basis and must adhere to the guidelines and repercussions of the Statistics Act and the Privacy Act. Statistics Canada is taking precautionary measures to reduce the impacts for individuals and employees regarding the use of NetSupport. For example, we are disabling features within the application that would pose additional privacy risks, such as recording, so that it cannot save or retain information, and we are ensuring that these measures remain in effect to prevent any inadvertent activation of such features or functions in the future. NetSupport is currently undergoing a security assessment and Statistics Canada is committed to following its recommendations to protect the privacy and enhance security of its users. Also, the application will solely be used for the purpose of monitoring the work activities of data collection clerks and helping supervisors conduct performance management. These restrictions provide an accountability framework for limiting the possibility for confidential information to be disclosed improperly. Safeguards are also in place to prevent the risk of a privacy breach coming from unauthorized access to NetSupport. In addition to the existing security measures for preventing outside access to our networks, the application will be customized for enhanced security. This will involve requirements for user accounts, as well as passwords, and two-factor authentication, further limiting the group of people who may have access to the application. |
|
| i) Potential risk that in the event of a privacy breach, there will be an impact on the institution. | |
|
The potential risk for a privacy breach involving NetSupport to impact the institution will be very limited due to the measures in place. The practices and safeguards for using NetSupport will offer reasonable layers of accountability in the event that confidential information viewed via NetSupport is improperly disclosed. This organizational infrastructure will allow for a breach to be dealt with efficiently in a manner that reduces the impact on the institution. For example, the regional offices will be responsible for managing users of the program and ensuring their work activities adhere to the requirements of the Statistics Act. The checks and balances that exist within the reporting structure of the regions will help to ensure that users are held accountable for their use of NetSupport. In the event of wrongful disclosure of confidential information, users of NetSupport will be subject to the same recourse as for activities undertaken for general statistical programs (see Generic Privacy Impact Assessment for Statistics Canada's Statistical Programs). Furthermore, since the application will not be used to retain or store data there is a reduced risk for mishandling of information. |
|
Section 3: Analysis of the Personal Information Elements for the Program or Activity
NetSupport will be used to support the existing monitoring program in the regional offices. As such, the tools that are already in place for monitoring, including those used for entering monitoring feedback, are not duplicated in the analysis for this assessment.
Users of NetSupport will have access to view personal information that is visible on the data collection clerks' screen. This may contain personally identifiable respondent information such as names, addresses, ages, and other demographical information, as well as responses to survey questions. Any personal information viewed via NetSupport is not, however, collected, recorded or retained within NetSupport itself. The moment the data collection clerk who is being observed continues to the next question, the responses to the previous questions are inaccessible. The supervisors and managers who will use NetSupport have completed the Oath of Office and are authorized under the Statistics Act to access this information.
Necessity and Proportionality
The use of personal information for the program can be justified against Statistics Canada's Necessity and Proportionality Framework:
- Necessity:
For the purposes of this assessment, it is important to note that no personal information or identifiers will be retained through the use of NetSupport. The software will instead be used by supervisors to see the information on data collection clerk's desktop so that they can adequately train and support them.
The necessity for this application is driven by the need to maintain the highest possible standards of data collection. Two main roles arise from Statistics Canada's mandate. These are to provide statistical information and analysis about Canada's economic and social structure as well as to promote sound statistical standards and practices. The coaching and training of the staff who complete the front-line data collection is paramount in assisting Statistics Canada with achieving these two objectives and fulfilling its mandate.
Without visual verification, supervisors are lacking a critical element to support the development of the data collection clerks and to address performance management concerns in a timely manner. For example, if a data collection clerk is not managing their time effectively, it is important that it be addressed as quickly as possible in order to correct the performance issue. NetSupport will allow the supervisor to see how the employee is spending their time while in a case and observe how efficiently they move through tasks such as reading the case notes before calling a case. This type of information is crucial for adequately evaluating data collection clerk's performance, especially in instances where performance is a factor when assessing staffing needs including the renewal of determinate appointments.
NetSupport is an essential tool for providing detailed and timely feedback to data collection clerks. NetSupport enables supervisors to complete this function within the current monitoring framework for evaluating the performance of data collection clerks (see Computer-Assisted Personal Interviewing Monitoring Program – Privacy impact assessment summary, now covered under the Generic Privacy Impact Assessment for Statistics Canada's Statistical Programs). The use of NetSupport will allow supervisors to deliver a comprehensive performance management program that focuses on coaching and training staff on core competencies. This will have a direct, positive impact on the advancement of interviewing techniques and the quality of the data that is collected and subsequently disseminated.
Additionally, improving Statistics Canada's Quality Control Monitoring process via the procurement of NetSupport will help meet the agency's commitment to sound statistical standards. Without visual observation, the supervisors are not fully equipped to ensure the standards for quality control on their surveys. For example, supervisors with no visual observation are less likely to become aware of errors on a survey and/or it will take longer for these types of issues to be discovered (e.g., technical glitches with the flow of a questionnaire, inconsistency among data collection clerks on as survey for coding and issues with the wording of a script). With NetSupport, however, the supervisors can ensure the highest standard for quality control on surveys since they can complete comprehensive quality checks in a timely manner.
- Effectiveness - Working assumptions:
NetSupport will allow Statistics Canada to conduct visual observation on the data collection activities of data collection clerks for performance management purposes. The software will enable supervisors to obtain more accurate and timely information about the performance of data collection clerks. This will help with identifying areas where more coaching and mentoring of staff is needed and whether there are gaps in the training that data collection clerks receive for developing interviewing skills.
NetSupport is an effective tool for monitoring the progress of data collection clerks because it allows supervisors to see in real-time if a data collection clerk has applied the feedback they were given about their performance. Unlike static sources of data to cross-reference such as outcome code reports, NetSupport provides a window into the data collection clerk's live interviewing skills, which is an irreplaceable tool for evaluating data collection clerks' performance in a comprehensive and effective manner.
For data collection clerks who are struggling to meet performance expectations, NetSupport is a particularly effective supervisory tool for pinpointing the areas where improvement is needed in a timely manner. Likewise, NetSupport is a highly effective tool for conducting follow-ups and verifying that a data collection clerk who has received feedback has then successfully incorporated it into their interviewing skills. Audio observation alone does not provide the same amount of detailed information that a supervisor needs to provide meaningful performance feedback to data collection clerks. The visual observation provided via NetSupport is a layer of supervision that adds the context and details needed for the regional offices to make informed decision-making related to performance, including staffing.
- Proportionality:
The use of NetSupport involves a third party who is a Statistics Canada supervisor or manager sworn under the Oath of Office, who will observe the telephone interview taking place, including the data collection clerk's screen and respondent answers during the call. Respondents will be advised that a supervisor may listen to their interview, and they will be afforded the possibility to express any concerns, and/or state that they do not consent.
Quality control and data accuracy are long-standing and well-established principles at Statistics Canada and are necessary for the agency to deliver on its mandate. NetSupport will support a comprehensive program for monitoring that will ensure high standards are maintained.
The use of NetSupport will also be beneficial to performance management. Data collection clerks are informed when hired and through subsequent training that their performance will be monitored. Monitoring helps supervisors provide training, coaching and mentoring, which data collection clerks need to fulfill the requirements of their positions, and subsequently contribute to the production of information that benefits Canadians.
The information observed by supervisors through NetSupport will be used strictly for performance management purposes and it is protected under the Statistics Act. Users of NetSupport are sworn under the Oath of Office and will have received the proper training for viewing sensitive respondent information. As well, users of the application are only provided with access to the functions that are required for their position.
- Alternatives:
The absence of visual observation within the quality control program is no longer an alternative for Statistics Canada as it poses risks to the quality of service Statistics Canada is responsible for providing to Canadians. Remote control software functionality is a key requirement for ensuring data collection supervisors are able to deliver on the commitment of providing adequate performance feedback to interviewers for the development and maintenance of excellent interviewing skills.
An alternative form of visual observation would be to have a supervisor observe a data collection clerk in person as they conduct surveys over the phone. However, this is not feasible as data collection clerks work remotely. Additionally, this would entail that the data collection clerk know when they are being observed, which could alter their performance. Another alternative form of visual observation would be to record a data collection clerk's screen as they are conducting the survey by phone and have a supervisor watch the recording from a saved file. This alternative would not allow real-time observation and would create additional privacy concerns related with the recording, saving and transferring those files.
Section 4: Flow of Personal Information for the Program or Activity
The purpose for using NetSupport is to observe how the data collection clerk conducts the survey rather than what personal information is being collected. Any personal information incidentally observed by supervisors while the survey is being conducted is subject to the authority of the Statistics Act. Data collection clerks receive training on how to conduct survey collection and they have taken the Oath of Office. Theserequirements are equally applied to the data collection supervisors who will be using NetSupport.The data collection clerk's survey collection activities are out of scope for this PIA and were assessed in Statistics Canada's Generic Privacy Impact Assessment for Statistics Canada's Statistical Programs.
The following only focusses on the use of NetSupport for the live monitoring by supervisors of data collection clerks during survey collection, which does not in itself involve the collection, use or retention of personal information.
Identify the source(s) of the personal information collected and / or how the personal information will be created.
Supervisors will use the NetSupport software to bring up a thumbnail list of all the connected workstations of data collection clerks. From the list view, the supervisor will select the thumbnail of the available data collection clerk they would like to monitor. Prior to establishing a connection on NetSupport, the supervisor will be required to enter their User ID and Password. Once these credentials are entered into the system, the supervisor can view the selected data collection clerk's desktop screen to conduct their monitoring session. When the monitoring session is over, the supervisor selects disconnect to end the observation.
While data collection clerks speak to respondents over the phone, supervisors in the regional office will simply use NetSupport to periodically observe their performance and ensure quality control of interviewing techniques. The Watch mode user restrictions we will put in place will ensure that the personal information from the interview is not collected or saved via NetSupport. Statistics Canada will ensure that alternative functions of NetSupport are not activated in order to prevent any inadvertent use of these functions which could potentially collect, use, retain or disclose any personal information.
Statistics Canada's Code of Conduct clearly outlines the expectations relating to the use of work equipment and the obligation to abide by the Network Use Policy. Should non-compliance with network use guidelines be observed through NetSupport, supervisors would follow up with data collection clerks to remind them of correct practices for handling personal information. In addition to this, when connecting to the VPN, all employees must read and accept the prompt that indicates that they may be monitored and reported and that they agree to ensure that no unauthorized person can see Protected information displayed on their screen. Employees who are found to be in contravention of these may be subject to disciplinary action, up to and including termination of employment.
Identify both internal and external sources for the personal information's use and disclosure. That is, identify the areas, groups and individuals who have access to or handle the personal information and to whom it is provided or disclosed.
There are approximately 140 Data Collection Supervisors who conduct Quality Control monitoring. They will be granted permissions to the application in accordance with departmental and organization security procedures. User ID, password and two-factor authentication will be required. The user settings will be restricted further to Watch mode only so that features that go beyond the purposes of monitoring performance will be disabled. For example, supervisors will not have access to Control mode, which would allow them to enter keystrokes and mouse movements on behalf of the data collection clerk.
Identify where the personal information will transit and will be stored or retained.
As indicated previously, personal information will not be stored or retained in the NetSupport application. It will only be visible in real-time as the respondent provides the information to a Statistics Canada data collection clerk over the telephone. The moment the data collection clerk moves on to the next question, the NetSupport user will no longer have access to the previous question's response. Any NetSupport features that would lead to retention of this information (audio or visual recordings) will be disabled. The information viewed via NetSupport will be restricted to deemed employees only who are bound under oath to protect the confidential information they encounter.
The use of NetSupport for quality control does not invoke a re-evaluation of approved processes related to performance management that involve storing personal information. The NetSupport tool is separate from other applications that have been used for many years in Statistic Canada's quality control program for documenting and evaluating performance. NetSupport does not connect to these applications from a technical or systems standpoint and no data will be extracted from NetSupport, nor saved by the application. It is simply going to be used to give data collection supervisors the ability to see the desktop screen of the data collection clerk they are listening to so that they have a more comprehensive understanding of what they are observing.
Identify where groups and individuals can access the personal information.
Survey responses would only be visible to the supervisor during the interaction between the respondent and the data collection clerk in real-time. As nothing is being saved or stored, the information is essentially deleted the moment that the monitoring session has reached its conclusion. Furthermore, access to NetSupport is restricted to only those employees who require it for performance management purposes. This access will be managed by the regional offices and only deemed employees who have a need-to-know to perform their duties, and sworn the oath of office will have authorization to use it.
Information regarding performance feedback is provided to data collection clerks verbally following the completion of their monitoring session. Feedback from using NetSupport will be treated with the same rigorous standards as all other forms of performance management conducted by data collection supervisors. Documentation related to performance is stored securely and limited to a need-to-know basis.
Upon request, Statistics Canada will provide employees with access to their personal information held by the agency.
Section 5: Privacy Compliance Analysis
As recommended by the Office of the Privacy Commissioner's Guide to the Privacy Impact Assessment Process, this program has been assessed against the following principles that are based on the Organization for Economic Co-operation and Development's (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
Principle 1: Accountability
Statistics Canada is responsible for all personal confidential information collected and used under authority of the Statistics Act. The agency is (also) responsible for all personal information under its control and has designated individuals who are accountable for the agency's compliance with the obligations of federal departments to respect privacy rights as described in sections 4 to 8 of the Privacy Act.
The Director of the Office of Privacy Management and Information Coordination is Statistics Canada's Chief Privacy Officer (CPO) and is accountable for the department's compliance with the principles contained in this document. The CPO is also responsible for the development of Statistics Canada's policies related to information, including all aspects of information classification, control, and access and for providing advice, guidance, and assistance in the implementation of information security measures.
The Chief Security Officer (CSO) is responsible for the day-to-day operations of the Departmental Security Office, and for the development and administration of the security program for Statistics Canada.
Regional Assistant Directors, as directed by the Regional Directors, Collection Regional and Services Branch, are responsible for applying all relevant central Agency and Statistics Canada policies related to privacy and the protection of personal information used as part of the Quality Control Monitoring Process, including information accessed via the NetSupport software.
An individual is able to address a challenge concerning compliance by Statistics Canada with the above principles.
Complaints may be addressed to:
Chief Privacy Officer
Statistics Canada
R.H. Coats Building, 2nd floor
100 Tunney's Pasture Driveway
Ottawa, Ontario K1A 0T6
Telephone: 613-951-0466
E-mail: statcan.atip-aiprp.statcan@statcan.gc.ca
In addition, under the Privacy Act, individuals may make a complaint to the Office of the Privacy Commissioner of Canada, who will undertake an investigation.
Principle 2: Limiting Collection
Visual observation is necessary for a comprehensive Quality Control Monitoring Program that adequately provides data collection clerks with feedback on their interviewing skills. Although NetSupport offers a variety of functions that could be "nice-to-have", Statistics Canada is restricting its usage of the tool solely to the necessary function of providing visual observation.
Supervisors' use of NetSupport will be limited only to quality control and performance management purposes. They will search for available data collection clerks who are in the midst of conducting telephone interviews and limit their use of the software to conduct monitoring sessions of approximately 20 minutes. None of the personal information observed via NetSupport will be retained or collected by using the application. It is simply a tool that will provide the supervisor with a source of visual observation of the data collection clerk's activities to enhance the quality of the performance feedback they can provide.
Principle 3: Direct Collection and Purpose Identification
Data collection clerks are made aware of the possibility of being observed via their Collective Agreement and the training they receive. Although data collection clerks are informed that their work activities will be monitored, they are not informed of the exact times that they are being monitored. This allows the supervisor to observe how the data collection clerk naturally conducts telephone surveys, without the awareness that they are being observed. If the data collection clerk is aware that a supervisor is observing, they are far more likely to be on alert and adjust their behaviour accordingly. This would diminish the quality of the monitoring session and prevent the supervisor from obtaining an accurate sample of the data collection clerk's typical performance.
With visual observation via NetSupport, supervisors will have a more complete picture of a data collection clerk's performance during telephone interviews. This will increase the quality of the feedback supervisors can provide using performance management tools that are independent of NetSupport. These tools are already in use by the regional office and were previously assessed (see Computer-Assisted Personal Interviewing Monitoring Program – Privacy impact assessment summary, now covered under the Generic Privacy Impact Assessment for Statistics Canada's Statistical Programs).
For respondents, there is a standard statement in our survey scripts that indicates a supervisor may listen to the call for quality control purposes. The interview scripts also include statements that inform the respondent that any information they provide during the call is collected under the authority of the Statistics Act (see Appendix 2).
Principle 4: Retention
Personal information of respondents collected during the survey interview being observed through NetSupport will not be retained, saved or reproduced via NetSupport. Users of NetSupport will only be able to view data that is currently on the data collection clerk's screen. As the data collection clerk moves to the next question in the survey, the user of NetSupport will no longer have access to the response from the previous questions.
Principle 5: Accuracy
Since NetSupport allows for real-time visual observation, it provides the opportunity for supervisors to identify inaccuracies in a timelier manner than with auditory observation on its own. This includes inaccuracies in the survey flow for telephone surveys, errors in the script and coding issues such as the unavailability of outcome codes. NetSupport also enables supervisors to effectively validate procedural adherence throughout the interviewing process (e.g., reviewing the case notes and history of attempts prior to calling, following instructive information in the notes if applicable and entering case notes after calls when warranted). With NetSupport, supervisors can confirm procedural adherence via their visual observations in real-time, without the additional burden of having to search for/access the cases themselves. This greatly facilitates the supervisor's role in providing accurate feedback to their staff in a timely manner.
In the application of Statistics Canada's policies, guidelines and practices related to the accuracy of personal information, the Collection, Planning, and Research Division has implemented the following:
The respondents' personal information will be accurate as it is being provided directly by the respondents in real-time. The procurement of this software will actually help us ensure that the information being entered into our questionnaires by data collection clerks is accurate, as it provides us with the opportunity to conduct real-time validation.
The goal of improving accuracy is at the heart of the reason why the NetSupport software is so essential for our organization. Data collection clerks need to receive accurate information about their performance so that they can identify issues and improve their performance. NetSupport gives supervisors the opportunity to accurately pinpoint to data collection clerks where a data entry issue occurred and how they can improve interviewing techniques.
Principle 6: Disposal
As indicated previously, personal information will only be viewed in real-time by authorized users of NetSupport and for the purposes of quality control and performance management. Any NetSupport features that would allow the saving, or retention of personal information observed through the application, will be disabled for all users.
The only information that is accessible through this software is the information that is displayed on the data collection clerk's screen during a monitoring session. As soon as the questionnaire progresses to the next question, the user who is accessing the information through NetSupport will no longer have access to the previous questions' response. The information accessed through NetSupport is not saved, retained, or reproduced through the software.
Principle 7: Limiting use
The uses of personal information from telephone interviews are addressed by the Generic Privacy Impact Assessment for Statistics Canada's Statistical Programs. No additional uses of personal information from these interviews will be generated by the use of NetSupport. As stated previously, the purpose for using NetSupport is solely based on the need to meet quality control and performance management objectives. Personal information, whether related to the respondent or the data collection clerk, is not extracted from the NetSupport application. The software will simply mean that an observer, who has undertaken the Oath of Office, will be viewing the interaction take place.
Data collection clerks inform all respondents who are completing a survey with Statistics Canada over the telephone that the interview can be monitored (see Appendix 2). Respondents may, upon request, ensure that their calls are not observed for quality-control purposes by advising the data collection clerk of their wishes.
NetSupport will be used to enhance the quality of the feedback that is currently being provided by supervisors in the regional offices to data collection clerks under the existing Quality Control Monitoring Program. This tool will not, however, impact reports or other applications which have already been approved for evaluating the performance of data collection clerks and providing them with feedback.
Principle 8: Limiting Disclosure
All information viewed via NetSupport is protected under the authority of Statistics Act. NetSupport will be used solely for the purposes of quality control and performance management. Consent is confirmed during telephone interviews via a statement that a supervisor may listen to the call for quality-control purposes.
Statistics Canada will not disclose personal information observed via NetSupport except for disclosure as permitted by the Statistics Act or the Privacy Act. There will be no sharing of information related to NetSupport unless there is a need-to-know basis between supervisors and/or managers as part of their job duties.
Principle 9: Safeguards
Statistics Canada takes seriously its legal obligation to safeguard the personal information of all Canadians. The agency has had in place a framework of policies, directives, procedures and practices to safeguard protected information, including personal information, against loss, theft, unauthorized access or disclosure. They are supported by physical, organizational and technological measures that protect all the personal information that Statistics Canada holds.
To help protect personal information against inappropriate access, we will ensure that access to the NetSupport application will only be provided to supervisors who are trained and authorized to conduct Quality Control Monitoring. There is a standard training conducted by a Data Collection Manager who is deemed to be a "Quality Control Monitoring Master Trainer". This training is provided to the supervisors who will undertake this work, all of whom will have signed the Oath of Office. In addition, supervisors who are given authorization to use NetSupport are trained on the relevant privacy and security measures in place to safeguard it, including the Statistics Act and the Privacy Act.
The NetSupport software will only be available upon request for users who require it, and access will be managed within the regional offices. The need for access is determined by data collection managers based on which supervisors need to conduct quality control monitoring of telephone interviews. The safeguards in place for access will mean that a service request will need to be submitted to a helpdesk support team for access to be granted. For additional safeguards, NetSupport will require a User ID and password to access the application. This password will only be provided to authorized users. Two-factor authentication will be used to ensure only authorized users may access the application. Based on preliminary testing that has been conducted by Shared Services Canada (SSC) and our IT partners, the plans for integrating NetSupport are feasible.
Principle 10: Openness
Statistics Canada makes readily available specific information about its policies and practices relating to the management and protection of personal information. Information regarding the use of personal information in the form of a Privacy notice can be found on the agency's website at www.statcan.gc.ca.
Summaries of approved Privacy Impact Assessments are also available from the website, under "About us – Privacy impact assessments" (http://www.statcan.gc.ca/about-apercu/pia-efrvp/pai-efvp-eng.htm).
Information on the Statistics Canada website related to policies and procedures
The agency's Privacy Notice (Privacy notice) can be found under "About us – Terms and conditions and Privacy" on the Statistics Canada website (About StatCan), where there is also information about:
- the agency's Privacy Framework (Statistics Canada's Privacy Framework: Preface)
- protecting confidential information and privacy at Statistics Canada;
- privacy-related policies and practices at Statistics Canada;
- what record linkage is and how it is used at Statistics Canada;
- Statistics Canada's Directive on Microdata Linkage;
- approved linkages at Statistics Canada, with their purpose, description and output
Statistics Canada's Trust Center also provides answers to questions on the security, privacy and confidentiality of personal information. (Statistics Canada's Trust Centre)
Furthermore, respondents are advised while completing a survey on the telephone with one of our data collection clerks that their call may potentially be observed for the purposes of quality-control (see Appendix 2). This also acts as a reminder to data collection clerks that the call may be monitored, but they are also informed via their collective agreement and training that their interviewing performance will be monitored. The interview scripts also include statements that inform the respondent that any information they provide during the call is collected under the authority of the Statistics Act.
Contacts for further information
For further information about NetSupport, the contact person is:
Program Manager of the Business Integration, Collection, Planning, and Research Division
Statistics Canada
150 Tunney's Pasture Driveway
Ottawa, Ontario K1A 0T6
Telephone: 902-220-9153
Email: Patrick.Ellis@statcan.gc.ca
Principle 11: Individual Access
Upon request, Statistics Canada will provide respondents and employees with access to their personal information held by the agency.
If respondents wish to make a formal request for access to their personal information under the Privacy Act, the contact person at Statistics Canada is:
Access to Information and Privacy Coordinator
Statistics Canada
R.H. Coats Building, 2nd floor
100 Tunney's Pasture Driveway
Ottawa, Ontario K1A 0T6
Telephone: 613-951-0466
E-mail: statcan.atip-aiprp.statcan@statcan.gc.ca
Section 6: Threat and Risk Assessment
The purpose of this section is to assess NetSupport for potential threats and risks that could compromise privacy. It outlines existing Statistics Canada safeguards, the probability of occurrence of the threat, and the severity of the impact as it relates to the privacy and protection of respondent information.
Statistics Canada currently employs numerous safeguards to reduce threat probabilities; these safeguards are described in agency policies, directives, practices, tools and/or techniques.
Ratings for threat probability, impact and residual risk are defined and presented as follows:
Threat: An undesirable event with the potential to compromise privacy or breach data confidentiality.
Threat probability: The likelihood that the threat will occur, given the existing Statistics Canada safeguards. The threat probability is rated numerically.
- Level 1: The threat can only come about through the use of very specialized knowledge and/or costly specialized facilities and/or a sustained effort. The threat is unlikely to occur.
- Level 2: The threat requires some specialized knowledge and/or facilities and/or a special endeavor to create or take advantage of the threat opportunity. The threat is somewhat likely to occur.
- Level 3: The threat opportunity is widely available and can occur either intentionally or accidentally with little or no specialized knowledge and/or facilities. The threat is very likely to occur.
Impact: The effect on the privacy of a respondent in the event that a threat is realized and his or her information is compromised. The level or degree of impact is expressed in terms of outcome severity as it relates to individual privacy.
- Level 1: Minor injury with no or minimal harm or embarrassment to the individual.
- Level 2: Moderate injury causing some harm or embarrassment to the individual, but with no direct negative effects.
- Level 3: Severe injury such as lasting harm or embarrassment that will have direct negative effects on an individual's career, reputation, financial position, safety, health or well-being.
Residual risk: A numeric rating is arrived at through an assessment and comparison of the threat probability and the impact to individual privacy.
Threat and Risk Assessment Grid
NetSupport
| Threats | Existing Statistics Canada Safeguards |
Probability | Impact | Residual Risk | Assessment of Residual Risk |
|---|---|---|---|---|---|
| Environment: Risk associated with the privacy of respondents – within Statistics Canada | |||||
| Activity: Access to the Respondent's survey answers in real-time | |||||
| 1. There is unauthorized access to NetSupport by a non-Statistics Canada employee. | The server shall be located within the StatCan Azure cloud tenant, which is Protected B certified. StatCan employees supporting the cloud infrastructure as well as Application Hosting employees will have login access to the server. Informatics security measures include protection by a firewall, configuration and access via Statistics Canada's secure internal network. NetSupport access requires a specific username and password that is limited to the authorized employees involved in the Quality Control Monitoring Program conducted within the Collection and Regional Services Division. | 1 | 1 | 1 | Acceptable |
| 2. There is unauthorized access to NetSupport by a Statistics Canada employee. | The server shall be located within the StatCan Azure cloud tenant, which is Protected B certified. StatCan employees supporting the cloud infrastructure as well as Application Hosting employees will have login access to the server. Informatics security measures include protection by a firewall, configuration and access via Statistics Canada's secure internal network. NetSupport access requires a specific username and password that is limited to the authorized employees involved in the Quality Control Monitoring Program conducted within the Collection and Regional Services Division. | 1 | 1 | 1 | Acceptable |
Section 7: Summary of Analysis and Recommendations
A privacy impact assessment for NetSupport was conducted to determine if there were any privacy, confidentiality and security issues associated with NetSupport, and if so, to make recommendations for their resolution or mitigation.
This document summarizes Statistics Canada's assessment of the privacy implications of NetSupport. It includes a review of the privacy principles as they apply to the NetSupport.
While potential privacy concerns have been identified and the generic privacy impact assessment addressed some concerns, this assessment concludes that, with the existing Statistics Canada safeguards, any remaining risks are either negligible or are such that Statistics Canada is prepared to accept and manage the risk.
Section 8: Breach protocol
NetSupport meets agency standards for both IT and physical security. It includes controlled physical access to the server for authorized personnel only, password protection for access to the server and to the database/tool, configuration and use of a firewall. For this reason, the threat and risk assessment (TRA) grid rates unauthorized access by either Statistics Canada employees or individuals outside Statistics Canada as low probability.
Upon discovery of an actual or suspected privacy breach (however unlikely), the following steps, in accordance with the Statistics Canada Information and Privacy Breach Protocol, would be taken:
- Immediate notification of the Chief Security Officer and the Chief Privacy Officer. Response could include suspending operation of NetSupport activities.
- In collaboration with Departmental Security and IT Security, there would be an internal investigation that would include recommendations to prevent any recurrence. Any investigation would document in detail the circumstances that gave rise to the privacy breach, and determine what information may have been breached, the impact of the breach, and what measures have been introduced to eliminate the risk of any subsequent breach.
- In the case of a "material privacy breach", in accordance with the TBS Directive on Privacy Practices, Statistics Canada would notify the Office of the Privacy Commissioner (OPC) and the Treasury Board Secretariat (TBS). "Material breaches" are those involving sensitive personal information and that could reasonably be expected to cause serious injury or harm to the individual.
- Depending on the nature of the breach, impacted individuals would be provided with an explanation of the situation and the steps being taken to remove the information from the possession of those not authorized to have it. Individuals would also be informed that they have the right to file a complaint with the Office of the Privacy Commissioner (OPC). The OPC and TBS would be informed of the individual(s) whose information was disclosed, the investigation and what actions have been taken to prevent a re-occurrence.
Section 9: Supplementary Documents List
Appendix 1 – PIA Summary
Appendix 2 – Notification Statements for Survey Respondents
Appendix 1 – PIA Summary
NetSupport
Privacy Impact Assessment Summary
Introduction
The NetSupport software is required for our organization to be able to provide an effective Quality Control Monitoring Program. It will enable supervisors to provide comprehensive feedback to data collection clerks on core competencies in areas that cannot otherwise be addressed via auditory observation alone. This assessment illustrates that the risks involved with using NetSupport are far outweighed by the crucial function it provides. The application is essential for providing the necessary training, support and coaching data collection clerks need to meet our high standards for data quality control.
Objective
A privacy impact assessment was conducted to determine if there were any privacy, confidentiality and security issues associated with using NetSupport for the Quality Control Monitoring Program, and if so, to make recommendations for their resolution or mitigation.
Description
Statistics Canada has a legislative mandate under the Statistics Act to collect survey information from respondents on various topics. To fulfill this mandate, the agency is responsible for the objectives of maintaining high standards for quality control and conducting effective performance management of employees. The current Quality Control Monitoring Program was established in the regional offices in pursuit of achieving these objectives, however the program is rendered ineffective by the absence of visual observation for telephone interviews.
The NetSupport software is a third-party application that will address the need to have visual observation during monitoring sessions of telephone interviews. For our usage, the application will allow a set of users (i.e., Data Collection Supervisors) to conduct visual observation of other users' desktop screens (i.e., data collection clerks) for the sole purpose of performance management and quality control. The software will enable supervisors to evaluate in real-time the data collection clerk's skills, ensure data quality and identify areas for improvement in the interviewing process. As a result, the quality and level of detail supervisors can provide to data collection clerks for their performance feedback is greatly enhanced. At no point will the information viewed via NetSupport be recorded, collected or saved by the software.
For privacy impacts related to NetSupport, measures are in place to ensure that the impacted parties are informed. Data collection clerks are made aware of the possibility of being observed via their collective agreement, the training they receive and the interview script they read. Respondents of Statistics Canada surveys are made aware of monitoring at the beginning of the interview via the standard statement in our survey scripts that indicates a supervisor may listen to the call for quality control purposes.
Although NetSupport will not be saving/recording information, users of the software will have access to view the respondent's personal information while it is visible on the data collection clerks' screen. This may contain personally identifiable information such as names, addresses, ages, and other demographical information, as well as responses to our survey questions. Given the confidential nature of this information, the use of NetSupport will be restricted to supervisors and managers who have taken the Oath of Secrecy. These employees receive training on how to handle and protect confidential information that is subject to the Privacy Act and the Statistics Act.
Our organization is taking the necessary precautions to limit the number of risks involved with using NetSupport for respondents and employees. For example, the use of NetSupport will be limited to observing work-related performance only and for limited durations (e.g., 20 minutes). The user settings for NetSupport will also be restricted so that features that go beyond the purposes of monitoring performance will be disabled (e.g., recording of audio or video) to ensure it meets our security procedures. Furthermore, permissions for user accounts will be standardized and aligned with internal security procedures.
Risk Area Identification and Categorization
The PIA identifies the level of potential risk (level 1 is the lowest level of potential risk and level 4 is the highest) associated with the following risk areas:
|
a) Type of program or activity Risk scale |
|
|---|---|
| Administration of program or activity and services | 2 |
| b) Type of personal information involved and context | |
| Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. | 1 |
| c) Program or activity partners and private sector involvement | |
| Within the institution (among one or more programs within the same institution) | 1 |
| d) Duration of the program or activity | |
| Long-term program or activity. | 3 |
| e) Program population | |
| The program's use of personal information for internal administrative purposes affects certain employees. | 1 |
| f) Personal information transmission | |
| The personal information is used in a system that has connections to at least one other system. | 2 |
| g) Technology and privacy | |
|
The NetSupport software will be used to support the existing quality control and performance management program of the regional offices. It will assist supervisors with fulfilling their responsibility of monitoring telephone interviews and provide performance feedback. It does not collect, create or handle personal information. Aside from the request for the NetSupport Manager application itself, no new electronic systems or applications are needed to support the program in terms of creation, collection or handling of personal information. It is important to note that the surveillance purposes of the program are restricted to improving internal quality control practices only. For example, the NetSupport application will be used to observe if the data collection clerk is following procedures, entering data correctly and using appropriate techniques such as probing. The responses provided in a questionnaire by the respondent are not particularly relevant to the user who is accessing the information. They are a by-product of the quality control work, and not the main focus. Irrespective of the relevance of the data, all confidential information that is observed via NetSupport will be protected under the Statistics Act Oath of Office that is taken by the NetSupport user and the guidelines of the Values and Ethics Code. This protection applies to the data collection clerk's activities as well as the respondent's participation. |
|
| h) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee. | |
|
The potential risk of a privacy breach involving our organization's use of NetSupport is very low. The impact of a privacy breach on the individual or employee will be very limited due to the measures in place. Statistics Canada has legislation and practices that reduce and mitigate the potential risks involved in handling confidential information. Data Collection Supervisors will be using the NetSupport software for visual observation while conducting a monitoring session of the data collection clerk's telephone interview. These supervisors are deemed employees who have sworn an Oath of Office to protect the confidential information they encounter during their work activities. For their jobs, they handle and encounter confidential information on a daily basis and must adhere to the guidelines and repercussions of the Statistics Act and the Privacy Act. Statistics Canada is taking precautionary measures to reduce the impacts for individuals and employees regarding the use of NetSupport. For example, we are disabling features within the application that would pose additional privacy risks, such as recording, so that it cannot save or retain information. Also, the application will solely be used for the purpose of monitoring work activities of data collection clerks and helping supervisors conduct performance management. These restrictions provide an accountability framework for limiting the possibility for confidential information to be disclosed improperly. |
|
| i) Potential risk that in the event of a privacy breach, there will be an impact on the institution. | |
|
The potential risk for a privacy breach involving NetSupport to impact the institution will be very limited due to the measures in place. The practices and safeguards for using NetSupport will offer reasonable layers of accountability in the event that confidential information viewed via NetSupport is improperly disclosed. This organizational infrastructure will allow for a breach to be dealt with efficiently in a manner that reduces the impact on the institution. For example, the regional offices will be responsible for managing users of the program and ensuring their work activities adhere to the requirements of the Statistics Act. The checks and balances that exist within the reporting structure of the regions will help to ensure that users are held accountable for their use of NetSupport. In the event of wrongful disclosure of confidential information, users of NetSupport will be subject to the same recourse as for activities undertaken for general statistical programs (see Generic Privacy Impact Assessment for Statistics Canada's Statistical Programs.) . Furthermore, since the application will not be used to retain or store data there is a reduced risk for mishandling of information. |
|
Conclusion
This assessment of NetSupport did not identify any privacy risks that cannot be managed using existing safeguards.
Appendix 2 – Notification Statements for Survey Respondents
Statistics Canada takes responsibility for ensuring that privacy concerns related to quality control are addressed with respondents during computer-assisted telephone interviews. The following quality control monitoring statement will be included in the interview script to notify respondents that the call may be monitored:
"A supervisor may listen to this call solely for quality control purposes, with a strict commitment that the content of the call will never be collected or used for any other purposes."
Statistics Canada also takes measures to ensure respondents are informed that the information they provide is collected under the authority of the Statistics Act. Statements like the example below are included on the Statistics Canada website, interview scripts and the introduction letters that are sent to respondents:
Statistics Canada's mandate is stipulated in the Statistics Act, which gives it the authority to collect information and outlines its obligation to protect the confidentiality of this information.