Privacy Impact Assessment Summary: Social Media Monitoring
Summary Issues and Mitigation Strategies
The purpose of the Executive Summary is to provide a brief overview of the IRCC program and/or activity the PIA report will be addressing including the scope (what the assessment will specifically cover), and a list of all the privacy risks identified via the PIA process along with the planned mitigation measures to address these risks.
About the Program
This PIA was developed to assess IRCC’s social media monitoring activities. Social media monitoring includes the collection, analysis and reporting of online public communications, including forum discussions and social media activity. Such communications are collected through the use of keyword searches run within a third-party social media monitoring software; searches are designed to collect data on communications relevant to IRCC’s mandate and issues of interest under that mandate, rather than data on individuals/clients.
Scope of the PIA
The PIA covers social media monitoring activities, such as what information is put into the tool (keyword searches), how data is collected and transmitted, and how IRCC uses the data (how data is reported and stored). Consideration is also given to the privacy policy of the third-party software, and of social media platforms. Outside the scope of the PIA are traditional media monitoring activities, data collected without the use of the tool, instances where individuals directly engage IRCC, and stakeholder social media activity.
Summary of Privacy Issues and Mitigation Strategies
Privacy concerns are centered on the improper or unnecessary collection and/or use of public communications data. For example, the tool could be used to search for, collect, and/or report personal information that is not required to meet the objectives of the activity. The data generated from the report could also be distributed beyond what is necessary. Privacy issues identified also include the potential for information to be retained for longer than is necessary, or that the information retained/shared may have changed prior to collection. Finally, IRCC’s social media monitoring activities are conducted without direct notification to individuals, with the risk that individuals are unaware of data collection/use.
Mitigations include: the publication of a privacy notice; the publication of the PIB and PIA summaries posted to the website; restriction of access to the tool; the implementation of a usage protocol for all tool users, providing guidance on how the tool is to be used; reporting protocols which require tool users to not include identifiable details from public communications data, and which outline how information should be retained and destroyed; technical mitigations to restrict access to reports generated with data from the tool; and auditing capacity for the access, alteration or other use of reports. IRCC’s ATIP division will be consulted as required to confirm appropriate protocols where existing mitigations are unclear or where an exceptional circumstance may arise
Summary issues | Mitigation strategies | Timelines |
---|---|---|
Program could collect, use and disclose identifiable personal information beyond what is necessary and proportionate to the legal authority. |
Usage and reporting protocols are put in place for tool users, which limits the risk of IRCC searching for, collecting, or reporting personal information. Written consent would be sought from any individual whose personal information will be collected and disseminated in the department. ATIP is consulted as required. |
Currently in place. |
There is a risk that individuals will be unaware that IRCC is conducting social media monitoring activities that involve an assessment of aggregate social media information and may in some circumstances involve specific collection, use and disclosure of personal information. |
A privacy notice, as well as PIB and PIA summaries, are made available on IRCC’s website. The privacy notice will also be linked to from IRCC’s terms of use for social media, which are also online and linked to from IRCC’s official social media accounts. Communications may occur to advise individuals of the terms and the privacy notice. |
To be implemented in Q3 of 2019-20. |
There is a risk that information will be retained for longer than relevant and necessary. |
Any information kept will be reviewed on a quarterly basis; information that is no longer relevant and necessary will be destroyed. Reporting provides aggregate data and summaries of qualitative data to limit the extent to which the information that is retained includes personal information. |
Currently in place. |
There is a risk that information will be shared internally that may have been changed since first reviewed. | The tool regularly updates the data set which it displays to users; if data is altered or removed by an individual, the previous data will not be displayed by the tool. Reporting provides aggregate data and summaries of qualitative data to limit the extent to which the information that is retained includes personal information. |
Not applicable. |
There is a risk that an IRCC employee will inadvertently identify and share an individual’s personal information without authorization. |
Only users who are required to have access to the tool (to fulfill the team’s mandate) have access to the tool. These users are required to abide by usage and reporting protocols. Any reporting is reviewed by management prior to circulation, and auditing functions exist to view records of, and limit, report access. Dissemination of reports is minimized to include only those who require the information. All breaches are reported immediately to ATIP. |
Currently in place. |
IRCC employees could reveal personal information about an individual to the third party tool based on keyword search terms. |
IRCC’s usage protocol includes guidelines to ensure that this risk is minimized. The protocol requires that monitoring is done for issues, rather than for individuals, and that individuals, clients, and sensitive/personal information cannot form the basis of any searches using the tool. |
Currently in place. |
Page details
- Date modified: