Introduction
Statistics Canada is modernizing its methods of data access to improve its service to users of Statistics Canada data. The goal of modernization is to fully realize the potential of the data holdings created for the public good and increase collaboration and partnerships between data users and providers while ensuring that all data assets are protected against unauthorized use and disclosure.
Objective
This privacy impact assessment identifies and explores privacy, confidentiality and security issues associated with the use of video surveillance monitoring (camera monitoring) in secure facilities designed for the purposes of data access and makes recommendations for issue resolution or mitigation.
Description
Statistics Canada is planning on expanding controlled access to anonymized microdata for statistical research projects, by establishing Secure Access Points on the premises of federal, provincial, territorial, and municipal governments, universities, and other organizations. Each Secure Access Point is a secure Statistics Canada facility that meets Statistics Canada's departmental security standards for data access, including controlled access monitoring. Any data stored on these premises remain under the care and control of Statistics Canada and subject to the confidentiality provisions of the Statistics Act.
In each Secure Access Point, video surveillance cameras will be used to monitor activity and access. Only Statistics Canada employees and deemed employees (individuals providing statistical services to Statistics Canada under contract or written arrangement) will have access to the microdata within Secure Access Points.
Statistics Canada's use of the camera monitoring includes making recordings of activities in the secure designated room to offer enhanced protection of employees and assets.
Risk Area Identification and Categorization
The PIA also identifies the risk areas and categorizes the level of potential risk (level 1 representing the lowest level of potential risk and level 4, the highest) associated with the collection and use of personal information of employees.
- Type of program or activity – Level 2: Administration of program or activity and services.
- Type of personal information involved and context – Level 1: Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program.
- Program or activity partners and private sector involvement – Level 3: With other institutions or a combination of federal, provincial or territorial, and municipal governments.
- Duration of the program or activity – Level 3: Long-term (ongoing) program.
- Program population – Level 1: The program's use of personal information for internal administrative purposes affects certain employees (or deemed employees).
- Personal information transmission – Level 3: The personal information is transferred to a portable device (i.e., USB key, diskette, laptop computer), transferred to a different medium or is printed.
- Technology and privacy: The new project involves the implementation of a new electronic system to support the program but does not involve the implementation of new technologies.
- Privacy breach: There is a very low risk of a breach of some of the personal information being disclosed:
a) The impact on the employee would be minimal as it would only divulge a digital recording of the individual taken in the Secure Access Point.
b) The impact on the institution would be minimal due to the low sensitivity of the information.
Conclusion
This assessment concludes that, with the existing Statistics Canada safeguards, any remaining risks are either negligible or are such that Statistics Canada is prepared to accept and manage the risk.