Privacy Impact Reports 2023 to 2024

June

Business Intelligence Active Outreach for Labour Market Development Agreement programming

Description of program/activity

The Business Intelligence Active Outreach (BIAO) project involves developing an interactive business intelligence dashboard. The purpose is to facilitate data-sharing between Employment and Social Development Canada and provinces and territories for Labour Market Development Agreements programming.

Need for privacy assessment (PAITS)

The assessment examines the privacy risks and associated mitigations related to the management and protection of personal information being transmitted through the new Business Intelligence Active Outreach solution.

More information

The Privacy Analysis for IT Solutions identified 1 medium risk and 1 compliance issue. The risks are in the process of being mitigated.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Canada Student Financial Assistance Program Repayment Assistance Plan – Enhanced Verification Model (CSFA RAP-EVM)

Description of program/activity

The Canada Student Financial Assistance (CSFA) Program is introducing enhancements to the Repayment Assistance Plan (RAP) to allow for verification of the borrower's RAP application using Canada Revenue Agency (CRA) taxpayer information.

Need for privacy assessment

This privacy impact assessment was completed to ensure privacy was considered in the data exchange between ESDC and CRA to verify and confirm eligibility for RAP.

More information

The PIA identified 1 low risk, 1 medium risk, and 1 compliance issue. The risks are in the process of being mitigated.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Old Age Security (OAS) Release 1 (R1) Foreign Benefits (FB) and Liaisons Privacy Impact Assessment

Description of program/activity

The Benefits Delivery Modernization (BDM) Programme was created by ESDC to transform and modernize the service delivery of Benefits and Services to Canadians. The Old Age Security (OAS) Release 1 Foreign Benefits (FB) and Liaisons is the first benefit to be onboarded.

Need for privacy impact assessment (PIA)

This privacy impact assessment examines the privacy risks associated with a decision-making process that directly affects individuals. This process involves personal information exchange between Canada and 60 countries.

More information

The PIA identified a total of 6 risks: 4 are rated as medium risks and 2 as low risks. In addition, the PIA identified 4 compliance-related issues. The risks are in the process of being mitigated.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Security Screening Intake Process Simplification (SSIPS) Project Minimum Viable Product 2 Privacy Analysis for IT Solutions

Description of program/activity

The Security Screening Intake Process Simplification (SSIPS) leverages Transport Canada’s platform to process security clearance upgrades and renewals for employees with existing security clearance.

Need for privacy assessment for IT solutions (PAITS)

This PAITS assesses the privacy risks related to the collection, use and handling of personal information received from applicants to process their security clearance for work.

More information

The PAITS identified 2 low risks. There was also 1 compliance issue. The mitigation strategies to address these risks are scheduled for completion by March 2025.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Updates to the Federal Disbursement Approval Process for the Canada Student Financial Assistance (CSFA) Program Privacy Analysis for IT Solutions (PAITS)

Description of activity

CSFA is updating its process to allow for the more efficient disbursing of Canada Student Financial Assistance. The new process involves sensitive personal information.

Need for privacy assessment for IT solutions (PAITS)

This assessment examines the privacy risks and strategies related to the management and protection of personal information handled by the new process.

More information

The PAITS identified 1 medium risk. In addition, there were 2 compliance issues. The strategies to address these risks and issues are scheduled for completion by July 2024.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

July

Integrated Corporate Accounting and Accountability Directorate (ICAAD) Client-Facing Tool for Internal Clients Privacy Analysis for IT Solutions (PAITS)

Description of activity

Internal financial services for ESDC employees can be more efficiently and effectively managed by the newly developed Client-Facing Tool for internal clients. The current solution, iService Gateway, accepts and manages client requests inconsistently and provides limited functions at the backend to search, analyze, and report on requests. The Client-Facing Tool improves on these aspects.

Need for privacy assessment for IT solutions (PAITS)

The assessment examines the privacy risks and strategies related to the management and protection of personal information handled by the new Client-Facing Tool.

More information

The PAITS identified no privacy risks or compliance issues. A “privacy-by-design” approach was adopted due to ICAAD’s early engagement with Privacy Management Division that resolved privacy concerns.

To get access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Internal Activity and Access Monitoring (IAAM) Project 1: Employment Insurance (EI) Applications

Description of activity

The Internal Activity and Access Monitoring (IAAM) Project involves the implementation of a monitoring solution to identify insider threats and provides reports of unauthorized access or misuse of personal information.

Need for privacy impact assessment

This assessment identifies the privacy risks associated with IAAM’s use of personal information to confirm identity in the My Service Canada Account registration and authentication process on Employment Insurance Systems.

More information

The PIA identified 2 medium risks and 2 compliance issues. The strategies to address these risks and issues are scheduled for completion by August 2024.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Social Insurance Number on My Service Canada Account (SINOM) – Minimum Viable Product (MVP) 1

Description of program/activity

The Social Insurance Number on My Service Canada Account (SINOM) project seeks to provide real-time SIN confirmation to clients by using the existing client service platform, My Service Canada Account (MSCA).

Need for privacy assessment (PAITS)

This assessment identifies the privacy risks associated with the use of personal information to confirm identity in the MSCA registration and authentication process.

More information

The PAITS identified 3 medium risks and 5 compliance issues. These risks and issues are in the process of being mitigated.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

September

COVID-19 Mandatory and Voluntary Rapid Testing Programs Privacy Impact Assessment

Description of program/activity

The Rapid Testing Programs at Employment and Social Development Canada consisted of the Mandatory Rapid Testing Program and the Voluntary Rapid Testing Program for employees who regularly reported to a physical workspace. Participation in the Mandatory program was required for ESDC employees who were not vaccinated and had an approved Duty to Accommodate exemption, while participation in the Voluntary program was optional.

Need for Privacy Impact Assessment (PIA)

The assessment examines the privacy risks and strategies related to the management and protection of personal information involved with the Rapid Testing Programs at ESDC.

More information

The PIA identified 2 medium risks, and 2 compliance issues. The strategies to address these risks and issues were completed on June 29, 2023, and all mitigation actions have been completed. The program is no longer active.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

October

Passport Application Status Checker Privacy Analysis for IT Solutions (PAITS)

Description of activity

Service Canada, in collaboration with Immigration, Refugees and Citizenship Canada (IRCC), launched the Passport Application Status Checker. This project is part of the Passport Program, and it enables passport applicants to request their application file number and/or check their passport application status online.

Need for the PAITS

The assessment examines the privacy risks and strategies related to the management, collection, and protection of personal information used by the Passport Application Status Checker.

More information

The PAITS identified 1 insignificant risk, 2 low risks, 1 medium risk and 2 compliance issues. The strategies to address these risks and issues are scheduled for completion by the end of March 2025.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

November

Canadian Dental Care Plan Privacy Impact Assessment

Description of Program

The Canadian Dental Care Plan (CDCP), which was launched at the end of 2023, will provide dental coverage for uninsured lower income Canadians. Employment and Social Development Canada’s (ESDC) primary role is to assess eligibility for the program on behalf of Health Canada.

Need for the Privacy Impact Assessment (PIA)

The assessment examines the privacy risks and strategies related to the management and protection of personal information collected in the form of CDCP applications.

More information

The PIA identified 3 medium risks. In addition, there were 2 compliance issues. The strategies to address these risks and issues are scheduled for completion by May 2024.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Corporate Correspondence Tool – Privacy Analysis for IT Solutions

Description of program/activity

The Corporate Correspondence Tool (CCT) is an information technology system that creates, produces, and stores text-based communications between the Department and clients of ESDC programs, such as Old Age Security, Canada Pension Plan, and Employment Insurance.

Need for privacy assessment

This Privacy Analysis for IT Solutions (PAITS) examines how the CCT system manages personal information, particularly when it is connected to newer ESDC systems.

More information

The PAITS identified 1 medium risk and 2 compliance issues. The strategies to address the risk and issues are scheduled for completion by the end of fiscal year 2023/24.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Service Referral Initiative

Description of activity

The eServiceCanada Service Request Form project under the Service Referral Initiative (SRI), which is part of the Reaching All Canadians portfolio, involves the implementation of a new application to the existing eServiceCanada solution that will enhance the delivery of services and benefits to better support Canada’s vulnerable populations.

Need for privacy impact assessment

The SRI involves limited collection and use of personal information to contact clients so that Service Canada representatives can direct them to appropriate support.

More information

The PIA identified 3 privacy risks, all rated as low. The risks are in the process of being mitigated.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

January

Canada Apprentice Loan’s Use of the Enterprise Cyber Authentication System (ECAS) Privacy Analysis for IT Solutions

Description of Activity

The Canada Student Financial Assistance Program has been working towards modernizing the Canada Apprentice Loan (CAL) Electronic Identity Verification process. As a result, the My Service Canada Account (MSCA) portal will serve as a single point of entry for registration and authentication for clients to access the Canada Apprentice Loan Service Centre (CALSC).

Need for the Privacy Assessment for IT Solutions (PAITS)

The assessment examines the privacy risks and strategies related to the management and protection of personal information that is handled by the ECAS system.

More information

The PAITS identified 4 medium risks. The strategies to address these risks are scheduled for completion by 2025.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

February

Addendum to: Enabling Services Renewal Program (ESRP) – ‘myEMS (PeopleSoft)’ 2015 Privacy Impact Assessment (PIA) Report For: PeopleSoft HR Help Desk module “myESDC HR” HRSB Case Management Solution

Description of program/activity

PeopleSoft is Employment and Social Development Canada’s (ESDC) primary system for digital Human Resources (HR) services. Human Resources Services Branch (HRSB) is adopting a new module into PeopleSoft, Case Management 1 (CM1), that will modernize and streamline how HR processes requests.

Need for privacy assessment

This PIA Addendum examines the privacy risks regarding the intake, assignment, and resolution of HR cases in PeopleSoft.

More information

The PIA Addendum identified 1 low and 1 medium risk. The risks are in the process of being mitigated.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

PeopleSoft – Offboarding Addendum to the Enabling Services Renewal Program (ESRP) myEMS (PeopleSoft) PIA

Description of program/activity

PeopleSoft is Employment and Social Development Canada’s (ESDC) primary system for digital Human Resources (HR) services. Human Resources Services Branch (HRSB) is adopting a new centralized module into PeopleSoft: Offboarding, which will centralize employee departures from ESDC in the PeopleSoft system.

Need for privacy assessment

This PIA Addendum examines the privacy risks related to centralizing employee departure activities in the PeopleSoft Offboarding module.

More information

The PIA Addendum identified 2 low risks. The risks are in the process of being mitigated.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

March

Old Age Security (OAS) Data Migration Solution for Benefits Delivery Modernization (BDM) – Privacy Analysis for IT Solutions

Description of program/activity

The Old Age Security (OAS) Data Migration Solution is a temporary environment that will be used to copy, prepare, test, and refine data from existing ESDC systems and databases to the new technology platform.

Need for a privacy analysis for IT solutions (PAITS)

A PAITS was completed to identify the privacy risks, and related risk mitigations, of implementing a new digital tool that changes how personal information is handled during the process of transferring to the new platform.

More Information

The PAITS identified 1 medium risk and 2 low risks. The strategies to address these risks are ongoing.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Wage Earner Protection Program Privacy Impact Assessment (PIA)

Description of program/activity

The Wage Earner Protection Program (WEPP) provides financial support to workers in Canada who lose their jobs and are owed wages when their employer is unable to pay. The federal government seeks recovery of the amounts as the creditor of the employer and pays the worker. Applicants can request a review in case of disagreements and can request an appeal of the decision.

Need for privacy impact assessment (PIA)

This PIA examines the privacy risks associated with the collection, use and handling of sensitive personal information associated with the WEPP.

More information

The PIA identified 2 medium risks and 2 compliance issues. These risks and issues have been mitigated.

To have access to this privacy product, please contact:
Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)
