Privacy Impact Assessment Summary - All Events Response Operations

Government Institution: Public Health Agency of Canada - Health Security Infrastructure Branch

Name of Program: All Events Response Operations (AERO)

Government Official Responsible for the Privacy Impact Assessment: Russell Mawby, Director, Public Health Capacity Development Division, Public Health Agency of Canada

ATIP Coordinator: Cynthia Richardson

Description of Program or Activity: The All Events Response Operations (AERO) application, administered by the Public Health Workforce Development Unit (PHWDU) within the Centre for Public Health Infrastructure (CPHI), is a web-based database that facilitates the collection of information necessary to mobilise health professionals (initially epidemiologists) in support of responses to emergencies/public health events nationally and internationally. The application will strengthen the Agency's capacity to respond to emergencies/public health events by permitting the rapid and transparent identification of staff with the necessary skills, experience and expertise. AERO will enhance an existing paper-based system by integrating a business analysis tool that will enable the enumeration of response capacity and the identification of response capacity gaps.

Legal Authority for Program or Activity: Legal authority for the collection of personal information in AERO is found under section 3 of the Public Health Agency of Canada Act and subsection 4(2) of the Department of Health Act.

Related Personal Information Bank: All Events Response Operations (AERO) - PHAC PPU 305.

Risk Identification and Categorization

As per the TBS Directive on Privacy Impact Assessment, the core PIA must include a completed risk identification and categorization section as outlined below. To have consistent risk categories and risk measurement across government institutions, standardized risk areas (itemized below) and a common risk scale are to be maintained as the basis for risk analysis.

The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area.

  1. Type of program or activity
    • Risk scale 2
    • Administration of program or activity and services
  2. Type of personal information involved and context
    • Risk scale 1
    • Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program.
  3. Program or activity partners and private sector involvement
    • Risk scale 2
    • With other government institutions.
  4. Duration of the program or activity
    • Risk scale 3
    • Long-term program or activity
  5. Program population
    • Risk scale 1
    • The program's use of personal information for internal administrative purposes affects certain employees.
  6. Personal information transmission
    • Risk scale 3
    • The personal information is transferred to a portable device (i.e., USB key, diskette, laptop computer), transferred to a different medium or is printed.
  7. Technology and privacy
    • Does the new or substantially modified program or activity involve implementation of a new electronic system or the use of a new application or software, including collaborative software (or groupware), to support the program or activity in terms of the creation, collection or handling of personal information? Yes
    • Does the new or substantially modified program or activity require any modifications to information technology (IT) legacy systems? No
    • Specific technological issues and privacy N/A
      • Does the new or substantially modified program or activity involve implementation of new technologies or one or more of the following activities:
        • enhanced identification methods;
        • surveillance; or
        • automated personal information analysis, personal information matching and knowledge discovery techniques?
    • A YES response indicates the potential for privacy concerns and risks, which will require consideration and, if necessary, mitigation.
  8. Impact on the individual or employee
    • Potential risk that, in the event of a privacy breach, there will be an impact on the individual or employee: Yes
