Introduction
The Treasury Board Secretariat (TBS) and Statistics Canada (StatCan) have partnered to administer the 2022/2023 cycle of the Public Service Employee Survey (PSES). Federal public servants will be invited to complete the survey. The PSES will support the development of action plans and strategies to meet the needs of public servants and address any issues identified.
Objective
A privacy impact assessment for Public Service Employee Survey was conducted to determine if there were any privacy, confidentiality or security issues with this activity and, if so, to make recommendations for their resolution or mitigation.
Description
This voluntary survey, which will be collected from November 21, 2022 to February 5, 2023, is conducted under the authority of the Statistics ActFootnote 1 . It is planned that this partnership will continue; with the PSES to be collected every two years, and other data collection activities happening in alternate years. In the past, Statistics Canada conducted the PSES every three years, with no alternate year activities.
The project also includes a Collection Rate Reporting Tool which will allow federal departments and agencies to see daily reports of the number, and percentage, of questionnaires that have been submitted during the collection period. This information will help assess where additional efforts should be made to encourage participation. No personal information is shared via this Tool.
Risk Area Identification and Categorization
The PIA identifies the level of potential risk (level 1 is the lowest level of potential risk and level 4 is the highest) associated with the following risk areas:
a) Type of program or activity
Program or activity that does NOT involve a decision about an identifiable individual.
Risk scale: 1
b) Type of personal information involved and context
Social Insurance Number, medical, financial or other sensitive personal information or the context surrounding the personal information is sensitive; personal information of minors or of legally incompetent individuals or involving a representative acting on behalf of the individual.
Risk scale: 3
c) Program or activity partners and private sector involvement
With other government institutions.
Risk scale 2
d) Duration of the program or activity
Long-term program or activity
Risk scale 3
e) Program population*
* The program's use of personal information is not for administrative purposes. Information is collected for statistical purposes, under the authority of the Statistics Act.
Risk scale: N/A
f) Personal information transmission
The personal information is transmitted using wireless technologies.
Risk scale: 4
g) Technology and privacy
Does the new or substantially modified program or activity involve implementation of a new electronic system or the use of a new application or software, including collaborative software (or groupware), to support the program or activity in terms of the creation, collection or handling of personal information?
No
Does the new or substantially modified program or activity require any modifications to information technology (IT) legacy systems?
No
Specific technological issues and privacy:
Does the new or substantially modified program or activity involve implementation of new technologies or one or more of the following activities:
- enhanced identification methods (e.g., biometric technology);
- surveillance; or
- automated personal information analysis, personal information matching and knowledge discovery techniques?
No
h) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee.
The impact on the GOC employee could be reputational, embarrassment and/or inconvenience.
i) Potential risk that in the event of a privacy breach, there will be an impact on the institution.
The impact on the institution could be legal, reputational and/or could affect relationships with stakeholders.
Conclusion
The assessment on the Public Service Employee Survey did not identify any additional privacy risks that are not already identified in the Generic PIA in regards to statistical activities that cannot be managed using the safeguards in place.