Privacy Impact Reports 2022 to 2023
On this page
April
- Integrity Investigations Document Upload System
- One Time Grant for Guaranteed Income Supplement Recipients Who Received Pandemic Benefits in 2020
- Rogers Virtual Contact Centre: Canada Student Financial Assistance Program and Canada Education Savings Program
June
August
September
October
December
January
- Canada Student Financial Assistance Program Buy-Back of Student Loans from Financial Institutions Privacy Impact Assessment
- Employment Insurance Emergency Response Benefit (EI ERB) – Phase 1 – Administration of EI ERB - Updates to the Privacy Compliance Evaluation (PCE)
- Exchange of personal information on offenders between Employment and Social Development Canada/Canada Employment Insurance Commission and Correctional Service Canada for the administration of the Employment Insurance Emergency Response Benefit (EI ERB) updates to Privacy Compliance Evaluation
- Pension Process Automation
- Service Canada Compliance Verification Service for the Public Health Agency of Canada during COVID-19 (PHAC 2.0 and 3.0) - Update
- Service Canada Compliance Verification Service for the Public Health Agency of Canada during COVID- 19 Pandemic Public Health Agency of Canada 4.0 – (PHAC 4.0)
- Simplified Digital Identity Validation (SDIV) - Updates to the Privacy Compliance Evaluation
- Quarantine Call Centre - Updates to the Privacy Compliance Evaluation
February
- Information Sharing on the SIN/SIR Information Exchange between the Canada Employment Insurance Commission and the Canada Border Service Agency
- Integrated Quality Platform
- Hootsuite Updates
- Passport Application Status Checker
March
April
Integrity Investigations Document Upload System (IIDUS) – Privacy Analysis for IT Solution (PAITS)
Description of Program/Activity
This system was developed by Employment and Social Development Canada (ESDC) in response to the closure and restrictions of Service Canada Centres due to COVID-19.
Through IIDUS, clients can use a public Web portal to securely upload documents and images from their devices that are required by Integrity Services Branch during an investigation.
Need for the Privacy Analysis for IT Solutions (PAITS)
The Privacy Management Division helped complete this PAITS to identify privacy risks associated with the new method of collecting personal information as well as to understand where and how document images are accessed, downloaded, and stored.
More Information
The Privacy Analysis identified 2 medium-level risks and 1 low risk. The risks are in the process of being mitigated.
To have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
One (1)-Time Grant for Guaranteed Income Supplement Recipients Who Received Pandemic Benefits in 2020 – Privacy Impact Assessment (PIA)
Description of Program/Activity
The Guaranteed Income Supplement (GIS) benefit is available to low-income Old Age Security pensioners who are experiencing a loss or reduction of their GIS benefit due to receiving pandemic benefits in July 2021.
Need for the Privacy Impact Assessment (PIA)
The Privacy Management Division helped complete this PIA to identify the privacy risks related to the collection, use, disclosure, and handling of personal information for clients receiving this payment.
More Information
The PIA identified 2 medium-level risks. No issues of non-compliance were identified in the PIA.
To have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Rogers Virtual Contact Centre: Canada Student Financial Assistance Program and Canada Education Savings Program – Privacy Analysis for IT Solutions (PAITS)
Description of Program/Activity
Service Canada implemented call/screen recordings to the Rogers Virtual Contact Centre (VCC) system for the Canada Student Financial Assistance (CSFA) Program and the Canada Education Savings Program (CESP) contact centres.
This hosted contact centre solution offers capabilities such as call routing and interactive voice response (IVR), call handling, workforce management, quality management and reporting.
Need for the Privacy Analysis for IT Solutions (PAITS)
The Privacy Management Division helped complete this PAITS to identify the privacy risks relating to the implementation of call/screen recordings features within Rogers’ VCC for training and quality assurance purposes.
More Information
The PAITS identified 2 medium risks. In addition, there was 1 compliance issue. The risks are in the process of being mitigated.
To have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
June
Benefits Knowledge Hub (BKH) – Privacy Analysis for IT Solutions (PAITS)
Description of Program/Activity
The Benefit Knowledge Hub (BKH) data warehouse is a merged set of data from multiple sources. It generates reports and analytics on the outcomes of programs and services, including rapidly established benefits.
Need for the Privacy Analysis for IT Solutions (PAITS)
The Privacy Management Division helped complete this PAITS to examine the privacy risks and associated mitigations related to the management and protection of personal information during use and transmission of the data.
More Information
This PAITS identified 6 privacy risks; 4 are rated as Medium Risks, and the other 2 are all rated as Insignificant Risks. The risks are in the process of being mitigated.
To have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
August
Employment Insurance (EI) Part II Application Programming Interface (API) Project – Privacy Analysis for IT Solutions (PAITS)
Description of Program/Activity
The EI Part II Application Programming Interface (API) Project will transfer existing EI information from the Employment Insurance Benefits Information System (EIBIS) to Provinces and Territories (PTs) by using server-to-server connections.
Need for the Privacy Analysis for IT Solutions (PAITS)
The Privacy Management Division helped complete this PAITS to identify the privacy risks related to the EI API solution, which is only limited to the automation of the data exchanged with the Provinces and Territories. The assessment examines the privacy risks and strategies related to the management and protection of personal information in API.
More Information
The PAITS identified 2 low-level risks related to the Accuracy and Safeguarding principles. 1 of which was completed during the development of this PAITS. The risks are in the process of being mitigated.
To have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
September
Canada Pension Plan Disability (CPPD) Medical Expertise Division File Tracking Solution – Privacy Analysis for IT Solutions (PAITS)
Description of Program/Activity
When a CPPD application has been denied, a new case management solution will be used for applicants to provide additional information to appeal with the Social Security Tribunal (SST). This will provide for an entirely new hearing of the case.
Need for the Privacy Analysis for IT Solutions (PAITS)
The Privacy Management Division helped complete this PAITS to examine the privacy risks to the handling of personal information and associated mitigations related within the MS Dynamics system.
More Information
This Privacy Analysis for IT Solutions identified no risks or issues.
To have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
October
Data Migration and Retention for the Public Health Agency of Canada COVID-19 Quarantine Compliance Campaign – Privacy Analysis for IT Solutions (PAITS)
Description of Program/Activity
In April 2020, the Government of Canada implemented the Minimizing the Risk of Exposure to COVID-19 in Canada Order (Mandatory Isolation) under the authority of the Quarantine Act, which requires any individual entering Canada to quarantine.
Need for Privacy Analysis
ESDC leveraged an existing contract with a third-party to provide call centre services.
The Privacy Management Division helped complete this PAITS to examine the privacy risks and strategies related to the management and protection of personal information related to the migration and retention of personal information to and by ESDC from the third party upon expiration of contract.
More Information
The Privacy Analysis identified 1 low-level risk and 0 compliance issues were identified.
To have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
December
Vaccination Attestation Validation Audit – Privacy Impact Assessment (PIA)
Description of Program/Activity
On October 6, 2021, the Policy required that all employees of the Core Public Administration (CPA) be fully vaccinated unless a Duty to Accommodate (DTA) under medical or religious grounds was approved. Vaccination status attestations were reported to the Treasury Board, through the Government of Canada Vaccination Attestation System (GC VATS).
Need for the Privacy Impact Assessment (PIA)
Randomly selected ESDC executive and non-executive employees were audited for the purpose of verifying the efficacy of employee attestations using CaseWare analytics tool. The Privacy Management Division helped complete this PIA to identify privacy risks associated with the collection and use of personal information.
More Information
The PIA identified no privacy risks or compliance issues.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
January
Canada Student Financial Assistance (CSFA) Program Buy-Back of Student Loans from Financial Institutions – Privacy Impact Assessment (PIA)
Description of Program/Activity
Employment and Social Development Canada’s Canadian Student Financial Assistance (CSFA) Program, formerly called the Canada Student Loans Program (CSLP), is in the process of buying back eligible student loans from Financial Institutions (FIs) who have been providing loans directly to eligible students since the Program’s inception in 2014.
The only new collection of personal information is the collection of banking information required for loan repayment.
Need for the Privacy Impact Assessment (PIA)
The Privacy Management Division helped complete this PIA because the personal information involved administrative purposes that directly affect Borrowers of student loans under the CSFA Program.
More Information
The PIA identified 1 medium risk related to retention processes and 1 compliance issue requiring updates to the applicable personal information bank.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Employment Insurance Emergency Response Benefit (EI ERB) – Phase 1 – Administration of EI ERB - Updates to the Privacy Compliance Evaluation (PCE)
Description of Program/Activity
This is an update to the Privacy Compliance Evaluation (PCE) on the Administration of Employment Insurance – Emergency Response Benefit (EI ERB) submitted to the Treasury Board Secretariat (TBS) by Service Canada, Employment and Social Development Canada (ESDC) in December 2020.
The PCE update addresses gaps identified by TBS in November 2021. There are no new privacy risks or compliance issues.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Exchange of personal information on offenders between Employment and Social Development Canada/Canada Employment Insurance Commission and Correctional Service Canada for the administration of the Employment Insurance Emergency Response Benefit (EI ERB) - updates to Privacy Compliance Evaluation
Description of Program/Activity
The exchange of personal information shared between Employment and Social Development Canada/Canada Employment Insurance Commission (ESDC/CEIC) and Correctional Service Canada (CSC) to establish eligibility for the Employment Insurance Emergency Response Benefit (EI ERB). The original Privacy Compliance Evaluation (PCE) was submitted December 2020.
This update to the submitted in December 2020 brings the assessment in alignment with requirements outline in Annex A of the Treasury Board Directive on Privacy Impact Assessment. Based on the above privacy analysis, there are no further privacy risks or compliance issues to add to the original Privacy Compliance Evaluation.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Pension Process Automation – Privacy Analysis for IT Solutions (PAITS)
Description of Program/Activity
In January 2022, a new automation solution is being implemented for the Pension Process Automation (PPA) project. Automation Anywhere, a cloud-based commercial-off-the shelf software product, will be used to process information automatically, replacing manual processing by an agent.
Need for the Privacy Analysis for IT Solutions (PAITS)
The Privacy Management Division completed this PAITS to examine the significant amount of personal information from applications that will be processed through this Robotic Processing Automation (RPA) solution and housed on the server. This may affect individuals directly.
The PAITS identified no outstanding risks or issues to mitigate.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Service Canada Compliance Verification Service for the Public Health Agency of Canada during COVID-19 (PHAC 2.0 and 3.0) - Update
Description of Program/Activity
This is an update to the Privacy Compliance Evaluation (PCE) on for the Service Canada Compliance Verification Service for the Public Health Agency of Canada (PHAC) During COVID-19 Pandemic 2.0 & 3.0 submitted to the Treasury Board Secretariat (TBS) by Employment and Social Development Canada (ESDC) in July 2020 under the Interim TBS Directive on Privacy Impact Assessment (PIA), which was implemented to permit the completion of a preliminary PIA for urgent COVID-19 related initiatives in place of a full PIA.
The following PC update addresses gaps identified by TBS in November 2021.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Service Canada Compliance Verification Service for the Public Health Agency of Canada during COVID- 19 Pandemic Public Health Agency of Canada 4.0 – (PHAC 4.0)
Description of Program/Activity
Service Canada Compliance Verification Service for the Public Health Agency of Canada During COVID-19 Pandemic (PHAC 4.0) was submitted to the Treasury Board Secretariat (TBS) by Employment and Social Development Canada (ESDC) in March 2021 under the interim TBS Directive on Privacy Impact Assessment (PIA), which was implemented to permit the completion of a preliminary PIA for urgent COVID-19 related initiatives in place of a full PIA.
The following PCE update addresses gaps identified by TBS in November 2021.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Simplified Digital Identity Validation (SDIV) - Updates to the Privacy Compliance Evaluation (PCE)
Description of Program/Activity
The purpose of this PCE Update is to address the gaps in the original PCE identified by TBS. If there are future changes to the Simplified Digital Identity Validation solution, ESDC will provide an additional update or possibly a new assessment depending on if there are substantial changes.
This PCE Update identified no additional privacy risks.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Quarantine Call Centre - Updates to the Privacy Compliance Evaluation (PCE)
Description of Program/Activity
The Quarantine Call Centre submitted to the Treasury Board Secretariat (TBS) by Employment and Social Development Canada (ESDC) in April 2020 under the Interim TBS Directive on Privacy Impact Assessment, which was implemented to permit the completion of a preliminary PIA for urgent COVID-19 related initiatives in place of a full PIA. The following PCE update addresses gaps identified by TBS in November 2021.
There are no further privacy risks or compliance issues to add to the original Privacy Compliance Evaluation.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
February
Information Sharing on the Social Insurance Number/Social Insurance Register (SIN/SIR) Information Exchange between the Canada Employment Insurance Commission and the Canada Border Service Agency – Privacy Impact Assessment
Description of Program/Activity
In June 2014, the Minister of ESDC announced a specific commitment to improve information sharing with the Canada Border Services Agency (CBSA) to enhance the administration and enforcement of Canada’s immigration programs.
An Information Sharing Agreement (ISA) was drafted to cover:
- the disclosure of personal information from the CEIC to CBSA to allow the CBSA to administer and enforce the Immigration and Refugee Protection Act (IRPA); and
- the disclosure of personal information from CBSA to the CEIC for the administration of the SIN program and to enhance the Integrity of the SIR.
Need for the Privacy Impact Assessment (PIA)
The Privacy Management Division helped complete this PAITS to examine the information exchanged between the CEIC and CBSA that will be used in a decision-making process that directly affects individuals.
More Information
The PIA identified 1 medium, 2 low risks. In addition, there was 1 compliance issue. The strategies to address these risks and issue are scheduled for completion by October 2022.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Integrated Quality Platform (IQP) – Privacy Analysis for IT Solutions (PAITS)
Description of Program/Activity
The Integrated Quality Platform (IQP) is a combination of 3 different quality assurance programs at ESDC and seeks to enhance the department’s service to the Office of the Auditor General (OAG) by providing improved business analytics and thus, enhance their accurate reporting of public accounts to Parliament.
Need for the Privacy Analysis for IT Solutions (PAITS)
As there is handling of sensitive personal information for the purposes of quality assurance, on the Privacy Management Division helped complete this PAITS to examine the new IQP platform and ensure it adhered to the Treasury Board Secretariat Directive on PIAs.
More Information
The PAITS identified 1 medium risk and 1 compliance issue. The strategies to address these risks and issues are scheduled for completion by April 2023.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Hootsuite Updates - Privacy Impact assessment
Description of program/activity
Employment and Social Development Canada (ESDC)’s Citizen Service Branch (CSB) is responsible for managing key digital services including management of Government of Canada (GC) social media accounts. CSB provides guidance but is not responsible for the use of social media platforms, posting of content, and conformance to GC social media policy. These responsibilities lie with individual federal institutions.
Need for Privacy Impact Assessment
Since 2016 there have been several changes in the administrative process of account management that is addressed in this PIA together with the introduction and implementation of Hootsuite tools, Impact, and Insights. The changes however do not involve a collection of personal information and therefore this PIA only serves as an update to the original PIA which is an evergreen document that requires updating as necessary.
More Information
This PIA focused on the recording of changes to the original PIA in terms of standards, processes, and expanded functionality of the HSE to include Impact and Insights. The PIA did not identify any privacy risks or compliance issues.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Passport Application Status Checker
Description of program/activity
Service Canada (part of Employment and Social Development Canada (ESDC)), in collaboration with Immigration, Refugees and Citizenship Canada (IRCC), launched the Passport Application Status Checker. This project is part of the Passport Program, and it enables passport applicants to request their application file number and/or check their passport application status online.
Need for the PAITS
ESDC Privacy Management Division and IRCC Privacy helped complete this PAITS to identify the privacy risks associated with the Passport Application Status Checker.
The assessment examines the privacy risks and strategies related to the management and protection of personal information collected and used by the Passport Application Status Checker.
More Information
This PAITS focused on the collection and sharing of personal information by Service Canada and IRCC as part of this project. This is a new project. The PAITS identified 2 low and 1 medium risks. In addition, there were 2 compliance issues. The strategies to address these risks and issues are scheduled for completion by the end of March 2024.
To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
March
Canada Pension Plan Disability Work Activity/Substantial Gainful Occupation (CPPD WA/SGO) – Privacy Analysis
Description of Program/Activity
The Canada Pension Plan Disability (CPPD) Program implemented a revised benefit policy to assess work activity and substantial gainful occupation as part of a multi-year renewal.
The intent of the CPPD Work Activity/Substantial Gainful Occupation (WA/SGO) data collection phase is to collect information on recipients who report volunteer and/or education activities.
Need for the Privacy Analysis
The Privacy Management Division helped complete this Privacy Analysis (PA) to examine the data collection phase. This PA is to identify privacy risks or compliance issues associated with personal information as the new CPPD policy will revise procedures on how personal information is being handled.
More Information
The PA identified 1 low risk and 1 medium risk. In addition, there were 2 associated compliance issues. The risks and issues are in the process of being mitigated.
To have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
Page details
- Date modified: