Final audit report
Confidentiality of Sensitive Statistical Information
Internal Audit Services
September 30, 2009
- Background
- Authority
- Audit Objectives
- Scope and Approach
- I – Physical access controls
- II – Electronic access controls
- III – Personnel controls
- IV – Operational controls
Appendix A - Audit Criteria
Appendix B - Acronyms
Executive summary
Statistics Canada is committed, and legally required, to protect the confidentiality of sensitive statistical information entrusted to the agency under the Statistics Act. It is crucial for the agency to develop and maintain a trust relationship with survey respondents in order to be able to deliver its mandate successfully, and provide Canadians with statistical information of high quality. Confidentiality is the affair of everyone in the organization.
The objective of this audit was to assess whether controls are in place and are effective to protect the confidentiality of sensitive statistical information including:
- physical access controls,
- electronic access controls,
- personnel controls, and
- operational controls
The controls were examined both at the departmental and selected survey levels.
The audit was conducted by Internal Audit Services in accordance with the Government of Canada’s Policy on Internal Audit.
The audit found that the controls protecting the confidentiality of sensitive statistical information are adequate. Opportunities exist to advance the risk management practices in two areas; however this does not affect the overall assessment. These areas include physical and electronic access controls. Additionally, a divisional best practice was identified.
Physical access controls are satisfactory, but some weaknesses have been identified. Opportunities exist to improve the risk management practices related to securing work areas beyond the baseline level. Also identified were: a postcard type questionnaire requiring confidential information from respondents that is mailed in an open fashion, creating confidentiality issues; the security practices of field interviewers need to be tightened; and divisional employees working in an environment, secured beyond the baseline level, do not lock up confidential information after work hours.
The audit found that electronic access controls contain some weaknesses, and that opportunities exist to strengthen the control framework. The required encryption program to protect the confidentiality of data is not installed on all portables. Managerial monitoring of access rights and permissions to workstations and servers should be improved.
A best practice was observed within the Labour Statistics Division and is worthy of consideration by other divisions. Electronic access rights in the division are closely monitored and reviewed continuously.
The audit found that personnel and operational controls are effective.
Summary Results
The confidentiality of sensitive statistical information is multi-layered and includes controls in the areas of physical and electronic access controls, and personnel and operational controls.
The confidentiality of sensitive statistical information is protected, but opportunities exist to advance the risk management practices related to physical and electronic access controls.
Additionally, a divisional best practice was identified relating to monitoring of access rights.
Introduction
Background
The confidentiality of sensitive statistical information is a key value and a legal necessity at Statistics Canada (StatCan)1. In 2005, a middle management task force was created to recommend measures that would enhance and strengthen the culture of confidentiality within Statistics Canada. The task force made recommendations to increase awareness of risks and responsibilities, and to promote and improve good security practices.
Statistics Canada's mandate derives primarily from the Statistics Act. The Act requires that the Agency collect, compile, analyse and publish statistical information on the economic, social, and general conditions of the country and its citizens. Statistical information is crucial as it enables Canadians to make informed decisions and governments at all levels to develop appropriate policies. Survey respondents range from Canadian households to private and public organizations. Most business surveys require mandatory participation, whereas most of the agency’s household surveys are voluntary (exceptions are the Census of Population and the Labour Force Survey). It is crucial for the agency to develop and maintain a trust relationship with survey respondents in order to deliver its mandate successfully, and provide Canadians with statistical information of high quality. Safeguarding the information provided in confidence is vital, since it is the key factor for obtaining respondents’ cooperation.
Personal and business information is collected using various methods: paper questionnaires, in-person and telephone interviews conducted by agency personnel, electronic data reporting by respondents, and administrative sources. Information collected outside headquarters’ premises is transferred to Ottawa for centralized processing, analysis, and dissemination by different survey and service areas. In addition to agency employees, other external parties also have access to sensitive statistical information under strict conditions described in the Statistics Act. Examples are provincial statistical agencies, sponsoring federal departments, and university researchers. The confidentiality of sensitive statistical information must be protected throughout these various modes, locations, and processes.
The control framework is multi-layered. The first level is the Statistics Act which protects respondents’ information. To support the Act, the agency has put in place a number of policies and practices to manage risks of unauthorised access, loss, theft, disclosure, copying or use of sensitive information. Policies in place include: the Policy on the Security of Sensitive Statistical Information, the Policy on Microdata Release, the Discretionary Release Policy, the Policy on Record Linkage, the Policy on Informing Survey Respondents, the Policy on the Use of Deemed Employees, and the IT Security Policy. Furthermore, Statistics Canada’s Security Practices Manual provides more detailed and complementary information to agency policies and the Government Security Policy. A number of management committees with mandates related to security are also in place: the Confidentiality and Legislation Committee and its Microdata Release Sub - Committee, the Informatics Committee, and the Security Coordination Committee. Finally, the Data Access and Control Services Division provides advice to managers, and serves as the focal point for matters relating to the confidentiality of statistical information.
During the conduct of the audit, Statistics Canada hired a consulting firm to conduct a Threat and Risk Assessment of access to buildings, and to recommend options for the replacement of the existing technical access control system which had been in place since 2002. This assessment did not include the regional offices. The firm presented a report in July 2007 which included a number of recommendations. This document served as additional reference material for the audit.
Authority
The audit was undertaken by the Internal Audit Services, and the Terms of Reference were approved by the Internal Audit Committee on March 28, 2007. The audit was conducted in accordance with the Government of Canada’s Policy on Internal Audit.
Audit Objectives
The objective of this audit was to assess whether controls are in place and are effective to protect the confidentiality of sensitive statistical information including:
- physical access controls
- electronic access controls
- personnel controls, and
- operational controls
The controls were examined both at the departmental and selected survey levels.
The table found in Appendix A provides a summary of the audit criteria used. These were selected during a pre-planning review with StatCan management, based upon potential risks, and an understanding of the management control framework, Statistics Canada operational requirements, and previous reviews and/or audits.
Scope and Approach
There are three buildings at head office in Ottawa, and three regional offices with satellite offices attached to them. The scope of the audit included an assessment of the three buildings at head office, one regional office ( the Eastern Regional Office in Montreal), and one of its satellites (Sherbrooke).
When the Terms of Reference were approved in March 2007, the Government Security Policy referred to sensitive statistical information as "protected B". This included:
- data obtained directly from respondents or from third parties in identifiable mode under the authority of the Statistics Act;
- data holdings stripped of identifiers but held in a detail or geographical structure or format which could permit a direct relation to be established between such data holdings and identifiable units;
- official statistical information in the pre-release stage.
During the course of the audit, it was determined that paradata2 was included in the above. This change was taken into account during this audit.
Due to operational reasons, official statistical information in the pre-release stage and statistical information in research data centres were not included in the scope. Some of these areas will be covered by other audits found in the 2008-2009 / 2010-2011 Risk-Based Audit Plan.
The audit was designed to gather data on the measures actually used to safeguard the confidentiality of sensitive statistical information, and employees’ awareness of the importance of that confidentiality. The audit was conducted at the departmental level, and at specific survey levels. Five surveys were selected, taking into consideration the collection method, collection period, survey periodicity, and survey type. They were the International Travel Survey, the Labour Force Survey, the National Longitudinal Survey of Children and Youth, the Survey of Environmental Protection Expenditures, and the Trucking Commodity Origin and Destination Survey.
The work included:
- Conducting personal interviews with all levels of employees in the various divisions at Head Office which were involved directly with the surveys selected, or that provided the agency with central services associated with the security of sensitive statistical information;
- Conducting personal interviews with all levels of employees at the Montreal Regional Office and the Sherbrooke Call Centre;
- Reviewing electronic and paper files, including testing of electronic data access and encrypted laptops;
- Conducting a sweep (physical inspection) of the Head Office locations most likely to have sensitive statistical information from the five surveys; and
- Analyzing the results of a questionnaire sent to a sample of 59 interviewers, representing all three regional offices.
Findings, Recommendations and Management Responses
I – Physical access controls
Physical access controls include: access to buildings is restricted; access to secured areas within the premises is restricted; information is physically transmitted to, within, and outside StatCan according to approved standards; information is stored, marked and disposed of according to approved standards; physical access to servers and mainframe is restricted; and repair of computer equipment is carried out on StatCan premises by StatCan employees.
The physical access controls were working as intended. Building entrances are secured and information is kept confidential; however, opportunities exist to advance the risk management practices relating to the confidentiality of statistical information. Improving the effectiveness of the confidentiality framework requires management to focus on secured work environments and the safety of information.
Buildings are secure but secured areas within require directives
Statistics Canada’s building access controls, including those at Head Office, the Montreal regional office, and the Sherbrooke location, are effective. The system of controls includes gates, guards and video cameras, including a new security and camera system installed at Head Office in 2008, to enhance monitoring in the buildings.
The audit found that the requirements of Statistics Canada’s policy on Security of Sensitive Statistical Information are met; however, the agency is not compliant to the criteria outlined in paragraph 10.7 of the Government Security Policy relating to safeguard beyond the baseline level3. This paragraph states that "Departments must conduct ongoing assessments of threats and risks to determine the necessity of safeguards beyond baseline levels. They must continuously monitor for any change in the threat environment and make any adjustment necessary to maintain an acceptable level of risk and a balance between operational needs and security". The audit team did not find any monitoring or assessments of threats and risks to support this requirement.
Instances of controls beyond the baseline level were identified, but they are random decisions rather than risk based. For example, secured areas in the Main building are the results of other tenants occupying the premise. Additionally, the decision to secure access to divisions in the other buildings is primarily made by the director, based on perceived risks and funds available. Some areas may be facing higher risks but may not have a secured access.
As an additional control to complement secured areas with baseline level secured entrances, employees are asked to challenge unknown people in their work areas. This control might be effective in small work areas; however, in a building such as the Jean Talon where floors are large and are shared by many divisions with no recognizable perimeter between them, this control has its limitations.
Two divisions handling surveys in our sample did not have secured entrances within the building. The Labour Force Survey (LFS) was in final processing mode during the sweep that we conducted. Additionally, the Survey of Environmental Protection Expenditures was not in production, therefore it was challenging to assess whether a secured work area was necessary. In both cases, a threat and risk assessment to determine the necessity of safeguards beyond the baseline levels would be helpful to advance the risk management practices.
The agency should determine the baseline level of security required in relation to the sensitivity of data holdings. A threat and risk analysis should then be conducted to determine zones exposed to greater risks and requiring enhanced security beyond the baseline level. Based on the threat and risk analysis, areas not at high risk would continue to be protected by baseline security.
The agency faces a situation where an incident could have a significant impact. With the absence of agency guidelines on what areas should be secured beyond the baseline level, and the lack of an integrated approach to managing risks emerging from visitors, employees, other tenants, and potentially contractors, the agency exposes itself to greater confidentiality risks that could lead to loss of reputation. Considering the very high number of people working within the complex, there is a risk that someone could have unauthorised access to an area secured at the baseline level, and to sensitive statistical information.
Recommendation #1
The Assistant Chief Statistician, Corporate Services Field, should ensure that Data Access and Control Services Division (DACS) develop corporate guidelines to ensure a common approach across the agency, and assist the Policy Committee4 through the Security Coordination Committee, in determining the high risk zones by performing threat and risk assessments periodically.
Management Response and Action Plan
Management accepts the recommendation.
DACS proposes a corporate approach to establishing a standard for access control using the "progressive security zones", as per the Policy on Government Security. The standard would be used to approve additional access control devices.
This proposal will be presented to the Security Coordination Committee in the fall.
Deliverable and timeline:
Presentation of directives to the Security Coordination Committee
Results will then be presented to the Policy Committee
Director, Data Access and Control Services – Fall 2009
Safety of information
Sensitive information is physically transmitted inside and outside Statistics Canada according to approved standards, but the audit team found two issues requiring specific attention.
A "postcard" type questionnaire used by the International Travel Survey (ITS), which respondents are asked to mail once completed, is a confidentiality risk. ITS divisional employees ask respondents to complete and mail the postcard. On the postcard, it says "Confidential once completed". This process is ambiguous at best, and does not project an image of discipline and rigour when transmitting information deemed confidential. If this peculiar situation is noticed by the Canadian public, and specifically by the press/media, Statistics Canada’s reputation may be tarnished. The risk is that our respondents may perceive that we do not treat confidentiality with the attention it requires.
It is also expected that sensitive statistical information should be locked up after working hours. An audit test consisting of a sweep of selected areas was conducted after hours on January 28 and 31, 2009. The intent was to determine whether confidential material was locked up using approved containers and locks, and to ensure that keys to containers and locks were properly secured. Usage of A/B switches, and of personal digital assistants, was also verified to ensure compliance with policies.
The sweep results demonstrated that the Operations and Integration Division, which is a secured area with restricted access, was not in compliance with the expectation of adequate storage of sensitive statistical information at the end of the work day.
Management indicated that the area is secured with restricted access, and that storing all sensitive statistical information at the end of each day would be time consuming and counterproductive. Should access to the secured area be breached, there would be no mitigating controls to secure the information. In addition, within the secured area, information should only be made available on a "needs to know" basis. Management of the area is working on an implementation plan that would see the paper questionnaires scanned, with only the electronic version circulating afterwards.
Field interviewers receive strict written directives from Statistics Canada regarding the handling of confidential material such as questionnaires, laptops, and address lists, when working outside the home, and regarding the securing of this material at home. To assess the directives, the audit team conducted a survey of field interviewers. The survey results indicated that field interviewers, when outside the home, ensured the confidentiality and security of material effectively; however, the survey results also indicated that 50% of field interviewers do not lock up their material at home when completing their work day.
Re-enforcement of directives and enhanced attention is required with regards to the storage of confidential material in the home of field interviewers. Loss of sensitive statistical information by field interviewers would affect the confidence of respondents in Statistics Canada, and could prevent the department from attaining its objective.
Recommendation #2
The Assistant Chief Statistician, Social, Health and Labour Statistics Field, should ensure that the Tourism and the Centre for Education Statistics Division, in conjunction with Data Access and Control Services Division, find a solution to the visible discrepancy found on the International Travel Survey postcard.
Management Response and Action Plan
Management accepts the recommendation.
TCESD agrees that "confidential once completed" on the postcard questionnaire is illogical. Since there is no identifiable information on the completed questionnaire, we agree to drop this wording. Furthermore, the issue will disappear with the current redesign of the survey, as we will get rid of the postcard questionnaires.
Deliverable and Timeline:
Revised questionnaire
Assistant Director, Tourism and Centre for Education Statistics Division – August 2010
Recommendation #3
The Assistant Chief Statistician, Census and Operations Field, should ensure that regional office management increase the awareness of field interviewers regarding the importance of the confidential material in their possession as well as their accountability and consequences.
Management Response and Action Plan
Management accepts the recommendation.
We will revise our documentation and interviewer training materials concerning the importance of protecting documents/confidential information, and the various mechanisms to be introduced for this purpose. Accordingly, we will adjust the content of the training manual to reflect what is set out in the Code of Conduct.
When new employees receive basic training, supervisors or managers will ensure that everyone has a good understanding of his/her roles and responsibilities, as an interviewer or senior interviewer, in Statistical Survey Operations relating to confidentiality, protection of information, and security.
Using various means of communication (pamphlets, meeting with employees, etc.), we will further emphasize the importance of confidentiality and data security to employees, and reinforce their accountability with respect to managing information in the collection process.
Deliverable and Timeline:
Reinforcement of confidentiality of information
Revision of our guidelines and preparation of an action plan
Director, Regional Management Services Division - Fall 2009
Implementation
Regional Directors - Winter 2010
Recommendation #4
The Assistant Chief Statistician, Census and Operations Field , should ensure that Operations and Integration Division store the confidential material at the end of the day.
Management Response and Action Plan
Management accepts the recommendation.
OID is in the process of removing the risk for paper questionnaires by moving our imaging equipment to a secured room, with the plan to image all questionnaires at this entry location. Paper questionnaires would then be moved to secure storage until they can be disposed of appropriately. The equipment is to be moved the fall of 2009, and a schedule for converting all paper surveys to digital images will be prepared. This process should be completed within 1 year. All access to questionnaires will be via digital images in the content management system FileNet where access is tightly controlled.
Deliverable and Timeline:
Digital images of all questionnaires
Director, Operations and Integration Division - September 2010
II – Electronic access controls
Electronic access controls include: workstations and servers are configured with access controls; information is transmitted electronically within and outside Statistics Canada according to approved standards; storage of information on removable storage media follows ITSD approved security procedures; information is processed, stored, accessed or transmitted only on Network A; all portable computers have full storage encryption approved by ITSD; and computers are sanitized before disposal using ITSD approved methods.
The audit team observed that workstations and servers have electronic access controls maintained by the Informatics Technology Services Division (ITSD); however, monitoring performed by the divisions to grant or remove permissions is performed sporadically. Furthermore, the audit found that only 75% of non-interviewer laptops had the approved encryption program installed.
Workstations and servers have access controls
ITSD electronically maintains access to workstations and servers; however, the authority to grant and/or remove accesses is the responsibility of the divisional directors. The audit team observed that the managerial monitoring to grant or remove access permissions to workstations and servers vary from one division to the next. Consequently, the monitoring of electronic access to workstations and servers is performed sporadically.
The process for granting permissions is efficient, and runs well. Improvements are required in the removal of permissions when access is no longer required. In most cases, those responsible for removing access rely on the employees who originally asked for access to inform them of changes. Controls are effective for employees leaving their division, but the controls become ineffective for service area users, and other users from outside the division. Management monitoring, consistent with processes in place for the Labour Force Survey (LFS – identified further in this section), would improve the monitoring and risk management of confidential files.
The audit team identified a best practice within the LFS management of access rights. LFS managers assess the electronic files according to risks and confidentiality. Very few employees have access to the most confidential files. To gain access, a request must be submitted through the case management system, and an authorization form signed by the director is required. Upon submitting the request, a password to access the files is issued. Permissions to access the LFS confidential files are given for a three month period, and monitoring of access rights to servers is performed continuously.
Recommendation #5
The Assistant Chief Statisticians, Corporate Services Field and Informatics and Methodology Field should ensure that:
- Data Access and Control Division, in conjunction with Informatics Technology Services Division, issue clear guidelines relating to the sensitivity of data and the management of permissions to access servers/shared folders;
- Informatics Technology Services Division will continue to grant and remove access when requested to do so, and to develop tools to further automate this process.
All the Assistant Chief Statisticians must ensure that the guidelines are implemented.
Management Response and Action Plan
Management accepts the recommendation.
Divisional directors are responsible for the implementation of the need to know principle regarding file access. DACS, in collaboration with ITSD, will develop a set of guidelines regarding file access management. DACS will communicate these guidelines to divisional directors. This should be completed by the end of December 2009.
ITSD will continue to grant and remove access to servers and shared folders as per the divisional requests.
ITSD will automatically reset permissions and group access when an employee changes division.
Deliverable and timeline:
Guidelines sent to divisional directors – December 2009
Director, Data Access and Control Division
Director, Informatics Technology Services Division
Installation of Encryption Programs on Portables
Statistics Canada has a directive to have an encryption program installed on all portables. The audit team expected to find the ITSD approved encryption program (Pointsec technology) installed on all portables.
During the conduct of interviews with the LAN administrators and departmental IT security, the auditors were informed that most portables had the encryption program installed. A further audit test was conducted on a judgmental sample of portables. The test results indicated that the majority of portables in the sample had the encryption program installed. Further interviews were conducted with representatives of the departmental IT security; additionally, a comparison of the departmental portable key file with AMMIS (the inventory system) was performed. The results indicated that only 75% of non-interviewer portables have the program correctly installed. It should be noted that all interviewer portables have the encryption program installed. The auditors verified if the encryption program could be deactivated by the employees. The test results demonstrate that the encryption program cannot be deactivated or removed by the employees. IT security has sent an e-mail to directors asking for their support in this matter.
A breach of confidentiality may occur should a portable without an encryption program and containing confidential information be lost.
Recommendation #6
The Assistant Chief Statistician, Informatics and Methodology Field, should ensure that Informatics Technology Services Division security monitor the progression of the installation of the Pointsec technology on laptops, and report the results to the Security Coordination Committee on a quarterly basis until full compliance is achieved.
Management Response and Action Plan
Management accepts the recommendation.
The Statistics Canada laptop inventory can be divided into two broad categories: Those for use by interviewers in the field, and non-interviewer laptops. The interviewer laptops are managed and maintained by Collection and Planning Management Division (CPMD); and as part of their deployment process, all the laptops are encrypted.
Non-interviewer laptops are maintained by the ITSD Enterprise Desktop Support Section (EDSS). As of July 2009, 84% of these laptops were reported compliant and had their encryption recovery file recorded in ITSD. As for the remainder of the laptops, they are either not encrypted, or they are encrypted and their encryption recovery file simply had not been reported. The following action plan is proposed to address those.
The general tasks include locating each of the laptops, making sure they are encrypted, and copying over the recovery file. The AMMIS system will be used to identify the active laptops. The ITSD EDSS group will work with each Field, and identify a Field representative that will be responsible for ensuring compliance. Reports will be provided to Field representatives to monitor progress.
The Director of ITSD will report to the Security Coordination Committee on a quarterly basis on the progress made on compliancy.
Deliverables and timeline:
Monitoring reports for Field representatives – December 2009
Quarterly report to Security Coordination Committee - Ongoing
Director, Informatics Technology Services Division
III – Personnel controls
Information on confidentiality is regularly communicated to all employees.
Statistics Canada uses a variety of methods to promote security and confidentiality of statistical information. These include training, manuals, e-mails, articles in the @statcan, special events, and posters. The audit team found that the methods used to communicate to departmental and Regional Operations Branch employees in order to promote security and confidentiality are effective. Interviews conducted with employees located in Ottawa, and in the Regions, indicated that security and confidentiality is understood by employees.
The evidence collected indicated that personnel controls are in place and are effective. Accordingly, recommendations are not necessary.
IV – Operational controls
Personal identifiers are removed from statistical master files as soon as no longer required, and breaches of confidentiality are reported to the Chief Statistician.
The audit team expected to find that personal identifiers are removed from statistical master files. The audit test conducted indicated that social surveys identifiers are removed early in the process, while economic surveys personal identifiers are removed much later. Auditors were concerned with this issue and probed further. It was established that economic surveys’ personal identifiers are required throughout the analysis stage, but they are removed when no longer necessary.
There are many sources of information instructing employees to report potential breaches of confidentiality. This includes the 2007 Policy on the Security of Sensitive Statistical Information, the Security Practice Manual, chapter 2 (revised in summer of 2007), and the Confidentiality Awareness Web Site.
Regionally, the risk of having a breach of security is much higher during the collection phase. The audit team found evidence that clear procedures exist to report a breach of security. Interviewers and senior interviewers receive written instructions on how to report any lost confidential material, including reporting the loss or theft of laptops immediately. Ultimately, the regional director is informed, and corrective measures are taken. The audit team observed documented corporate files relating to confidentiality breaches. The procedures in place were followed, and appropriate correctives measures were implemented.
The evidence collected indicated that operational controls are in place and are effective. Accordingly, recommendations are not necessary.
Appendix A
Objectives | Audit criteria |
---|---|
Physical access controls | 1. access to buildings is restricted 2. access to secured areas within premises is restricted 3. information is physically transmitted within and outside StatCan according to approved standards 4. information is stored, marked and disposed of according to approved standards 5. physical access to servers is restricted 6. repair of computer equipment is carried out on StatCan premises by StatCan employees |
Electronic access controls | 7. workstations and servers are configured with access controls 8. information is transmitted electronically, within and outside Statistics Canada, according to approved standards 9. storage of information on removable storage media follows ITSD approved security procedures 10. information is processed, stored, accessed or transmitted only on Network A to prevent unauthorised access from the public 11. all portable computers have full storage encryption approved by ITSD 12. computers are sanitized before disposal using ITSD approved methods |
Personnel controls | 13. information on confidentiality is communicated regularly to all employees |
Operational controls | 14. personal identifiers are removed from statistical master files and stored separately from master files as soon as they are no longer required for data processing 15. breaches of confidentiality, should they occur, are reported formally to the Departmental Security Officer who informs the Chief Statistician |
Appendix B
AMMIS | Automated Materiel Management Information System |
---|---|
CAPI | Computer Assisted Personal Interview |
CATI | Computer Assisted Telephone Interview |
DACS | Data Access and Control Division |
DARS | Data Access Request System |
EDSS | Enterprise Desktop Support Services |
ITS | International Travel Survey |
ITSD | Informatics Technology Services Division |
LFS | Labour Force Survey |
NLSCY | National Longitudinal Survey of Children and Youth |
OID | Operations and Integration Division |
PAPI | Paper and Pencil Interview |
RO | Regional Office |
SEPE | Survey of Environmental Protection Expenditures |
StatCan | Statistics Canada |
TCOD | Trucking Commodity Origin and Destination Survey |
Note
- Acronyms are defined in Appendix B
- Paradata is information related to a statistical data collection or production process that is linked to an identifiable person, business or organization. Usually this is the type of information that is useful to interviewers (i.e. best time to call, type of respondent, etc.)
- The baseline level for Statistics Canada consists of the perimeter security, which includes cameras, guards and gates.
- Committee structure is a critical aspect of governance at Statistics Canada. Issues are first discussed at a management committee such as the Security Coordination Committee. The Security Coordination Committee Chairperson(s) will then present the results of the deliberations to the Policy Committee which will render a decision if required. The Policy Committee is chaired by the Chief Statistician and oversees all the committees.