Digital Recruitment Platform

1. About the Department of National Defence (DND)

DND is responsible for supporting the Navy, Army, Air, and Special Forces in the defence of Canadian interests at home and abroad. When combined, DND/CAF is Canada’s largest federal department, employing nearly 125,000 personnel. This includes 72,000 Regular Force members, 30,000 Reserve Force members, and 25,000 civilian or non-uniformed employees.

DND’s ability to fulfill its mandate in an effective and efficient manner depends, in large part, on its ability to attract and maintain a highly motivated, knowledgeable, and innovative workforce. As with military members, civilians contribute to the defence and security of Canada through placements in over 70 different professions. These include corporate services, skilled trades, intelligence work, engineering, and military housing. Career advancement programs for civilians also exist for students, new graduates, and apprentices.

Over the last several years, DND has been increasing civilian hires in an effort to better respond to human resource needs. Although DND has added many new civilian members over the past few years its ongoing success depends on its ability to add to and augment the skills of its civilian workforce. It also depends on having effective systems in place to support key human resource functions such as hiring, in line with the Department’s long-term strategic plans.

2. Modernizing Staffing and Recruitment

In keeping with the Public Service Commission’s New Direction in Staffing, and DND’s own interests in modernizing its hiring and employee onboarding processes, the Department wishes to acquire and implement an on-line recruitment platform to better manage its entire recruitment life cycle. Once fully implemented and operational, the platform is expected to automate portions of the Department’s civilian recruitment process, and to help in the application of more modern data-intelligence techniques to its hiring campaigns.

By investing in digital recruitment software, DND expects to be able to improve the efficiency of its recruiting efforts, and to better reach and attract hard-to-find talent. The recruitment software is also expected to assist in building better talent pools, and in hiring the right people in the right positions so that new recruits become long-term and productive employees of the organization. The use of digital recruitment software may also help to better meet the needs and expectations of candidates.

3. Purpose and Scope of the Privacy Impact Assessment (PIA)

DND is named in the Schedule to the Privacy Act and is subject to the privacy policies and directives of the Treasury Board of Canada Secretariat (TBS). Under the TBS Policy on Privacy Protection, all federal institutions subject to the Privacy Act are required to undertake an assessment of the privacy impacts associated with the development or design of new programs or services involving personal information (or when making significant changes to an existing program or service).

In keeping with the above, DND has elected to undertake a PIA in relation to its planned acquisition, implementation, and use of a DRP. The use of a DRP is expected to result in the collection of personal information, some of which may be used to make decisions that directly affect identifiable individuals. DRPs may also affect the manner in which personal information is collected and handled by DND.

The PIA was completed under the direction of DND’s Assistant Deputy Minister for Human Resources – Civilian (ADM(HR-Civ)) and approved by DND’s Director of Access to Information and Privacy (DAIP) Coordinator, DND’s delegate under section 73 of the Privacy Act.

4. Privacy Analysis

Based on the results of the PIA, privacy risks arising from the collection, use, disclosure, and retention of personal information using a DRP are expected to be moderate. Potential impacts on the privacy of individuals are being properly managed by DND through appropriate legal, policy and technical measures geared at the protection of that information. Recommendations included in PIA are expected to reduce risks to a low (or acceptable) level.

5. Risk Area Identification and Categorization

Risk Area	Level of Risk to Privacy
A: Type of Program or Activity
Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc…).	2
B: Type of Personal Information Involved and Context
Personal information provided by the individual with consent to also use personal information held by another source / with no contextual sensitivities after the time of collection.	2
C: Program or Activity Partners and Private Sector Involvement
Within the department (amongst one or more programs within the department)	1
With other federal institutions	2
With other or a combination of federal/ provincial and/or municipal government(s)	3
Private sector organizations or international organizations or foreign governments	4
D: Duration of the Program or Activity
Short–term program: A program or an activity that supports a short-term goal with an established “sunset” date.	2
E: Program Population
The program affects certain individuals for external administrative purposes.	3
F: Technology and Privacy
Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?	Yes
Does the new or modified program or activity require substantial modifications to IT legacy systems and / or services?	No
The new or modified program or activity involves the implementation of potentially privacy invasive technologies?	No
G: Personal Information Transmission
The personal information is used in system that has connections to at least one other system.	2
The personal information may be printed or transferred to a portable device.	3
H: Risk Impact to the Department
Managerial harm. Processes must be reviewed, tools must be changed, change in provider / partner.	1
Organizational harm. Changes to the organizational structure, changes to the organizations decision-making structure, changes to the distribution of responsibilities and accountabilities, changes to the program activity architecture, departure of employees, reallocation of HR resources.	2
Financial harm. Lawsuit, additional moneys required reallocation of financial resources.	3
I: Risk Impact to the Individual or Employee
Inconvenience.	1
Reputation harm, embarrassment.	2