Introduction

The Human Resources Self Serve Portal was developed to provide desktop access to Statistics Canada employees to a wide range of personal and work-related information.

Objectives

A privacy impact assessment of the Human Resources Self Serve Portal was conducted to determine if there were any privacy, confidentiality and security issues, and if so, to make recommendations for their resolution or mitigation.

Description

To make the management of a variety of employee information more efficient, the Human Resources Self Serve Portal was developed and added to Statistics Canada’s Administrative Portal. It resides on a secure internal network and access to the portal is restricted to Statistics Canada employees with a valid Statistics Canada computer account.

Prior to the Human Resources Self Serve Portal, key employee information was kept in numerous data bases and files. Employees did not have direct access to these, so, as a result they had to contact Human Resources Branch. For example if an employee needed to change his/her home or mailing address, or emergency contact, a request had to be made to Human Resources Branch and an officer would then make the requested change on the file of the employee.

With the Human Resources Self Serve Portal, employees can now make changes themselves as well as having access to other personal and work-related information.

Conclusion

This privacy impact assessment did not identify any privacy risks that cannot be managed using either current safeguards or others that have been specifically developed for the implementation of the Human Resources Self Serve Portal.

Introduction

Statistics Canada is installing a new automated access control system that replaces the system that has been in place since autumn 2002. At the same time, Statistics Canada is expanding its closed circuit television monitoring program by increasing the number of cameras and adding the capability to record.

Objective

A privacy impact assessment of the new automated access control system and the closed circuit television monitoring program was conducted to determine if there were any privacy, confidentiality and security issues, and if so, to make recommendations for their resolution or mitigation.

Description

The automated access control system allows Statistics Canada to maintain the security posture required by the Government Security Policy for the protection of both its employees and assets.

This new system introduces enhanced security features, such as physical barriers, to prevent forceful entry and will require employees to “swipe out” when leaving the building. A system log is automatically generated, logging the entry and exit of employees. This feature supports a greater level of safety and security for Statistics Canada employees, in particular when they are in the buildings after normal hours working hours such as evenings and weekends.

Statistics Canada currently uses a limited number of closed circuit television cameras. Based on recommendations following an evaluation of its physical security posture conducted in 2007, it will be increasing the number of cameras, each of which will have the capacity to make a recording. These cameras will be placed in public areas, not in any area where persons would have an expectation of privacy.

The use of any information collected by the access control system and from the recordings made by the CCTVs will be strictly restricted to specific purposes, that is to say, security- and safety-related investigations. In all cases, any authorized use will require the approval of the Departmental Security Officer.

The personal information is part of the Personal Information Bank, Security Video Surveillance and Temporary Visitor Access Control Logs and Building Passes (PSU 907). Upon request, Statistics Canada will provide employees and others with access to their personal information related to this PIB.

Conclusion

This privacy impact assessment did not identify any privacy risks that cannot be managed using either current safeguards or others that have been specifically developed for the installation of a new automated access control system and the increased use of closed circuit television monitoring.

Introduction

In order to conduct the 2006 Census of Population and the 2006 Census of Agriculture, Statistics Canada needs to hire additional temporary staff. To facilitate this process, the Agency provides potential employees with the option of making a job application on-line via its Web site.

Objectives

A Preliminary Privacy Impact Assessment (PPIA) was conducted for the 2006 Census On-line Recruitment Application project. The purpose was to determine if there were any confidentiality, privacy or security issues associated with the project and, if so, to make recommendations for their resolution.

Description

The Preliminary Privacy Impact Assessment came to the following conclusions:

• The project does not involve new or increased collection of personal information - a similar on-line service was offered during the 2001 Census.
• The application requires the collection of less personal information from candidates than was the case in 2001.
• Persons are advised of alternate means of submitting a job application if they choose not to submit one via the Internet.
• A Threat and Risk Assessment was undertaken. It did not identify any risks to confidentiality, privacy or security of the personal information collected or used.

Conclusion

A full Privacy Impact Assessment is not required for the 2006 Census On-line Recruitment Application project.

Introduction

The National Routing System project is a pilot initiative being undertaken to demonstrate the feasibility of setting up a federal-provincial-territorial network that will allow vital event data to be delivered from the "producing" organizations to the authorized "subscribing" organizations. The pilot project must also demonstrate that the information can be delivered in a manner which follows established security protocols designed to protect the privacy of individuals.

Objectives

The rationale for completing a Preliminary Privacy Impact Assessment (PPIA) on the National Routing System Project was to determine if any privacy risks may be associated with the NRS pilot initiative and, if so, to determine possible options for resolving those risks.

Description

The NRS is envisioned as a secure communications network that will ultimately link together provinces and territories (P/Ts), federal departments and agencies for the purpose of providing both real-time and batch exchange of vital event information. This information flow is essential to authenticate identity, to determine program eligibility and entitlement for benefits, and to update vital records databases. It will also enable improvements in data quality, timeliness and cost effectiveness for statistical programs based on vital events.

Conclusion

This Preliminary PIA Report did not identify any privacy risks that would warrant a PIA for the NRS pilot initiative. However, a review should be undertaken of the recommendations made in the Acceptance Pilot Evaluation (March 2006). If NRS design changes are contemplated, an analysis should be undertaken to determine whether or not a PIA is required.

Introduction

The National Contact Centre Telephone Recording Database Program will assist in ensuring that the officers working in the National Contact Centre at Statistics Canada meet the Agency’s Standards of Service to the Public by permitting the efficient monitoring of calls with clients who use the 1-800 line maintained by the Agency. With the information such as how agents interact with clients and how well they are able to answers their inquiries, this will lead to improvement in the quality of data dissemination services provided to clients.

Objectives

A privacy impact assessment for the National Contact Centre Telephone Recording Database Program was conducted to determine if there were any privacy, confidentiality and security issues associated with the introduction of the system, and if so, to make recommendations for their resolution or mitigation. The scope of the assessment looks at privacy risk both in terms of clients and employees who work as agents in the National Call Centre.

Description

Prior to the development of this application, monitoring of client calls in the National Contact Centre for purposes of training and assessment of standards of service required supervisors listen to live incoming calls. This process was not only very time-consuming but there was a risk that personal, non-work calls received by an officer would be heard by the supervisor. To address these two issues, in particular privacy-related risk, the National Contact Centre developed a Telephone Recording Database Program. The system creates digital recordings in the form of “.wav” files of all incoming and outgoing calls from the ACD system (1-800 lines). To address the related privacy issues, measures have been put in place that clarify the use and retention of these recordings.

Conclusion

This assessment of the National Contact Centre Telephone Recording Database Program did not identify any privacy risks that cannot be managed by using new and existing safeguards and procedures.

Introduction

Since 1999, Statistics Canada's Long-term Health Outcomes Studies Program has been a fundamental part of the Health Information Roadmap, a collaborative effort among Statistics Canada, the Canadian Institute for Health Information and Health Canada. Its goal is to meet priority requirements for health information that serves to improve public health and the quality of Canada's health system.

The Long-term Health Outcomes Studies Program is carried out by the Occupational and Environmental Health Research Section of Statistics Canada's Health Statistics Division. The program oversees long-term health outcomes studies based on requests from outside clients such as Health Canada, Public Health Agency Canada, private sector employers, unions and university researchers through cost-recovery contracts.

The program uses databases created from information from Vital Statistics and the Canadian Cancer Registry programs. Occasionally, the Long-term Health Outcomes Studies Program uses additional variables obtained directly from the provinces and territories. It also uses cohort files such as records of individuals from employers and unions, health surveys, medical or clinical records or specific research groups. Finally it uses other Statistics Canada files for study and/or data quality purposes.

Most studies involve record linkages of databases and files in order to look at various health outcomes over extensive periods of time. These linkages require the approval of a senior management committee at Statistics Canada and are done on a case-by-case basis.

Objectives

A privacy impact assessment for Statistics Canada's Long-term Health Outcomes Studies Program was conducted to determine if there were any privacy, confidentiality and security issues associated with the program, and if so, to make recommendations for their resolution or mitigation.

Description

This privacy impact assessment examines the risks related to the use of information on the Canadian Birth, Stillbirth, Cancer and Mortality databases and the management of these databases; receipt of information directly from vital statistics registrars; receipt of cohort files from outside organizations/clients; the processing and linkage of cohort files to the databases; sending study or analysis files to clients either directly or indirectly; and the storage and retention of these files.

All database information and client cohort files are provided the same level of security afforded to all information obtained under the authority of the Statistics Act.

Conclusion

This assessment of the Long-term Health Outcomes Studies Program did not identify any privacy risks that cannot be managed using existing safeguards.

Introduction

The Longitudinal Health and Administrative Data (LHAD) Initiative is a joint research project between the provincial and territorial ministries responsible for health care and public health and Statistics Canada. The LHAD Initiative is the first collaborative project of its kind where personal health information from clinical databases routinely collected through the provincial and territorial health systems will be provided to Statistics Canada to be linked, on a study-by-study basis, with data already held by the Agency from national population health surveys, vital events (i.e., births and deaths) and cancer. The focus of the studies will be statistical in nature such as the analysis of the determinants of health of Canadians.

Objectives

A privacy impact assessment for the Longitudinal Health and Administrative Data Initiative was conducted to determine if there were any privacy, confidentiality and security issues associated with the program, and if so, to make recommendations for their resolution or mitigation.

Description

The LHAD Initiative addresses important health research that can only be undertaken by a central, national organization such as Statistics Canada. Priorities for research and an analytical plan will be established, on an annual basis, in the form of a LHAD Research Agenda. This Agenda will reflect the views of the majority of provincial/territorial LHAD Steering Committee members, who will review all research proposals and identify priorities for Canadian health statistics research to be undertaken by the LHAD Initiative.

Because LHAD research projects will involve the use of linked records, approval on a study-by-study basis will also be required from Statistics Canada's most senior management committee (Policy Committee) in accordance with the Statistics Canada Policy on Record Linkage.

Statistics Canada, as the operational arm of the LHAD Initiative, is responsible for securely storing and processing LHAD data sets and for the production of the analysis files needed to carry out the approved research studies.

An important step in the production of the analysis files will be the creation by Statistics Canada of a Key Registry, using information from the Population Registries to be provided by the provincial/territorial ministries. The Key Registry will generate and store a unique identification number for each person (the LHAD ID) which will then be attached to each record of all databases of the LHAD Initiative. As such, all records will have a LHAD ID, thus establishing the necessary infrastructure to support approved record linkages among any combination of LHAD databases. The use of the Key Registry will improve significantly the quality and efficiency of those linkages.

The use of a LHAD ID number for each person also eliminates the need to store sensitive personal information such as name and health number on the various LHAD Initiative databases. Further, by storing all sensitive personal information in a Key Registry, management of data security and access measures is much more simplified and easier to control.

Conclusion

This privacy impact assessment has not identified any outstanding issues relating to confidentiality or security. The transmittal of personal health information to Statistics Canada will be carried out by means of a secure medium of transmission to ensure the security and integrity of the data. Once received into the secure environment of Statistics Canada, confidentiality is governed by the Statistics Act and the Agency has an exemplary record in that regard. Similarly, from a security perspective, Statistics Canada has had in place for many years, security policies and practices that are now just becoming a best practice in many other organizations.

Many activities of Statistics Canada–like the LHAD Initiative–by their very nature are privacy intrusive. Although a number of potential privacy concerns were identified, this assessment concludes that with the mitigation measures that have been put in place, any remaining risks are either negligible or are such that Statistics Canada is prepared to accept and manage the risk.

Introduction

The Labour Relations and Grievance System (LRGS) is a secure database containing information on grievances as well as on labour relations cases relating to Statistics Canada employees in Ottawa and in the regional offices.

Objectives

A privacy impact assessment of the Labour Relations and Grievance System was conducted to determine if there were any privacy, confidentiality and security issues, and if so, to make recommendations for their resolution or mitigation.

Description

The Labour Relations and Grievance System has been developed to assist Statistics Canada's Labour Relations Advisors in managing their activities related to grievances and labour relations cases in a more consistent and secure manner.

The system has been added to Statistics Canada's Administrative Systems Portal which resides on the internal closed network (Network A). Access to the system is restricted to only a limited number of authorized employees in the Human Resources Operations Division.

The system will allow Labour Relations Advisors to document cases in a consistent manner and will permit efficient tracking through the various steps of the management of the files. The database will also facilitate the production of reports using aggregate data based on selected criteria (for example, number of grievances per year, number of grievances upheld or dismissed, history of a specific case, etc.). These reports will be used by human resources management for reporting purposes and also by the Performance Management Steering Committee to support its ongoing initiatives within the Agency.

Conclusion

This privacy impact assessment did not identify any privacy risks that cannot be managed using either current safeguards or others that have been specifically developed for the implementation of the Labour Relations and Grievance System.

Introduction

The Human Resources Branch Service Request Management (HR-SRM) application will serve as a mechanism for employees to submit requests related to compensation and staffing. The HR-SRM will become part of the Agency’s Helpdesk Expert Automation Tool Service Request Management application which is currently used by Statistics Canada’s Informatics Technology Services Division to handle and manage IT-related requests from employees.

Objectives

A privacy impact assessment for the Human Resources Branch Service Request Management application was conducted to determine if there were any privacy, confidentiality and security issues, and if so, to make recommendations for their resolution or mitigation.

Description

Statistics Canada’s Human Resources Branch has identified a need to change the process by which employees submit requests related to compensation and staffing. In order to streamline the work flow and improve service to human resources clients (i.e., employees), modifications are being made to the Agency’s Helpdesk Expert Automation Tool Service Request Management application. Employees will not only be able to submit their compensation and staffing-related inquiries electronically, but the application will also allow them to view the status of their requests.

The HR-SRM will also facilitate workload management in the compensation and staffing areas. The application includes an escalation process that will notify human resources managers if requests are not completed within a specified time frame.

Conclusion

This privacy impact assessment did not identify any privacy risks that cannot be managed using either current safeguards or others that have been specifically developed for the implementation of the HR-SRM.

Introduction

Because Statistics Canada's Human Resources Branch identified a requirement to modernize the process by which its employees submit applications to internal selection processes, the Employment Application Submission Tool (EAST) was developed as a secure on-line mechanism.

Objective

A privacy impact assessment of the Employment Application Submission Tool was conducted to determine if there were any privacy, confidentiality and security issues, and if so, to make recommendations for their resolution or mitigation.

Description

Prior to the development of EAST, employees were required to submit competition applications on paper. With the introduction of EAST employees will have the option of submitting applications for competitions electronically using a system that will offer the required level of protection for the personal information that employees must provide.

Conclusion

The privacy impact assessment did not identify any privacy risks that cannot be managed using either current safeguards or others that have been specifically developed for the implementation of the Employment Application Submission Tool.