ALTO Learning Management System: Privacy impact assessment summary
On this page
- Section 1—Privacy impact assessment overview
- Section 2—Privacy impact assessment risk area identification and categorization
Section 1—Privacy impact assessment overview
In this section
- Government institution
- Head of institution or delegate for section 10 of the Privacy Act
- Senior official or executive for the new or substantially modified program or activity
- Name and description of the program or activity of the government institution
- Legal authority for program or activity
- Personal information bank
- Summary of the project, initiative, or change
Government institution
Public Services and Procurement Canada (PSPC).
Head of institution or delegate for section 10 of the Privacy Act
Lorenzo Ieraci, Assistant Deputy Minister.
Lyne Roy, Senior Director, Access, Privacy and Transparency Directorate.
Senior official or executive for the new or substantially modified program or activity
Kiran Hanspal, Assistant Deputy Minister, Human Resources Branch.
Name and description of the program or activity of the government institution
PSPC Learning Services uses ALTO to deliver, manage and report on the training authorized by PSPC for its employees. ALTO replaces legacy systems (for example, Integrated Training System (ITS), ITS Report, Skillport and Impromptu) with a single Learning Management System that meets PSPC requirements and manages and tracks roughly 14 million of training activities annually.
Legal authority for program or activity
- Financial Administration Act, paragraph 12(1)(a).
- Department of Public Works and Government Services Act, subsections 6(b) and 15(b).
Personal information bank
No modification required for the following existing personal information bank:
Standard personal information bank PSE 905 Training and Development
Summary of the project, initiative, or change
ALTO is used to deliver training and professional development opportunities to PSPC employees, so that the Department can develop their full potential while fulfilling its legal and legislative responsibilities. In essence, it is a management tool that regulates the actual delivery of training. The catalogue of courses that ALTO delivers includes over 300 courses. Some of this training is developed in-house and some is developed by third parties. Simply put, the application associates the following with the PSPC Learner:
- what training will take place
- when the training will take place
- how the training will be delivered
- who will deliver the training
- results of any tests taken during the training
- attendance at the training
- if the training has been completed
If the training has been successfully completed, ALTO provides the ability to print a certificate of completion and a transcript.
Thus, the only new piece of personal information made by ALTO (that is not already in PeopleSoft) is the linkage between an employee and a course, and whether or not the employee was successful in completing the course.
PSPC had to acquire its own instance of a Learning Management System (LMS) known as ALTO and did so in alignment with what the Treasury Board recommended and what other departments were doing. It is important to note that the project replaced a Learning Management System operated by the Canada School of Public Service (CSPS), where PSPC Learner Profiles were hosted on CSPS systems, using the Personal Record Identifier (PRI). ALTO moved all the data under the control of PSPC and no longer uses the PRI. Additionally, the Learner Data now comes from PSPC’s authoritative source, namely the MyGCHR. The actual privacy risks remain unchanged, as there is still a probability that if security is breached, the courses that a learner has taken, and the results of any testing associated with the course may be known to others.
The reason that a privacy impact assessment (PIA) is being conducted is to ensure that the activities meet current privacy requirements.
This PIA is an update of the existing PIA for the precursors of ALTO, thereby, consolidating all aspects of the project into a single PIA, and reflects the whole program/activity from its start date of April 1, 2017.
Section 2—Privacy impact assessment risk area identification and categorization
In this section
- Type of program or activity
- Type of personal information involved and context
- Program or activity partners and private sector involvement
- Duration of the program or activity
- Program population
- Technology and privacy
- Personal information transmission
- Risk impact to the institution
- Risk impact to the individual or employee
The following section contains risks identified in the PIA for the new or modified program. A risk scale has been included for each risk area. The numbered risk scale is presented in ascending order:
- the first level represents the lowest level of potential risk for the risk area
- the fourth level represents the highest level of potential risk for the given risk area
Please refer to Appendix C of the Treasury Board Secretariat Directive on Privacy Impact Assessment to learn more about the risk scale. The risk scale must be included for each classification.
Type of program or activity
Risk scale: 1
Risk scale: 2
ALTO is configured to report on the following with the PSPC Learner:
- what training will take place
- when the training will take place
- how the training will be delivered
- who will deliver the training
- attendance at the training
- the results of any tests that are associated with the course
- if the training has been completed
If the training has been successfully completed, ALTO provides the ability to print a certificate of completion and a transcript.
ALTO can report on the facts surrounding the learning, but is configured not to contain any decisions made on the employee.
The information associated with a learner can be used to make decisions that directly affect the individual (that is, determining eligibility for working in programs or jobs, including confirmation of an employee’s ability to authentication accessing programs/services, administering programs, or providing support to clients, and issuing or denial of permits/licenses to clients).
Type of personal information involved and context
Risk scale: 1
It is important to note that basic personal data (that is, name, e-mail, organization, title and classification) are obtained directly from the learners input via the Office System Service Request Online. There is an additional process via an external data extract from MyGCHR, used to validate and or update profiles monthly. ALTO links this personal information with information on courses that the learner has taken namely:
- what training will take place
- when the training will take place
- how the training will be delivered
- who will deliver the training
- attendance at the training
- the results of any tests that are associated with the course
If the training has been successfully completed, ALTO provides the ability to print a certificate of completion and a transcript.
Program or activity partners and private sector involvement
Risk scale: 4
The program and activity participants are as follows:
- PSPC management and staff that are involved in the delivery, management and reporting on training
- PSPC managers who get to see the progress of their employee’s training
- PSPC learners who get to see their training
The CSPS provides PSPC with an extract of courses that PSPC employees have taken via GCcampus.
Saba, the supplier of the cloud LMS, is a private sector company that hosts ALTO on their servers located in Markham, ON and Calgary, AB. Both primary and secondary sites have been vetted by Canadian Industrial Security Directorate.
Duration of the program or activity
Risk scale: 3
The management of training at PSPC has a long history. ALTO is an upgrade of technology that will provide better, more efficient and effective training operations at PSPC. Records are held for the duration of an employee’s career plus two years since last recorded action.
Program population
Risk scale: 3
The program affects various PSPC Learners including indeterminate, term, students, casual and consultants engaged in mandatory and optional internal training.
Technology and privacy
A “yes” response to any of the following may indicate the potential for privacy concerns and risks that will need to be evaluated and mitigated.
Questions
Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?
Answer: No
Does the new or modified program or activity require any modifications to IT legacy systems and / or services?
Answer: No
Does the new or modified program or activity involve the implementation of one or more of the following technologies?
Answer:
- Enhanced identification methods: No
- Use of surveillance: Yes
Details: ALTO uses the audit trails function to track unauthorized access, modification and deletion. Audit trails are retained in the system for the duration of the systems life cycle and can only be viewed or accessed by a high level administrator and, or Super User. Audit trails include: previous value, changed value, data/time and electronic signature.
Use of automated personal information analysis, personal information matching and knowledge discovery techniques.
Answer: Yes
Details: At the time of implementation of the new Alto system, PSPC HR received a base data import from MyGCHR and the CSPS. This data was deemed to be the authoritative source of information on PSPC learners. However, this source of data was not updated as regularly as anticipated at time of implementation and caused delays in account creations. New Alto accounts are processed via an internal On-Boarding process where the following information: FNAME, LNAME, EMAIL, are collected directly from the learner via an internal request form requesting an Alto account. The User Name and temporary password information is provided by Learning Services directly to the learner in order to access the system.
Personal information transmission
Risk scale: 3
At the time of implementation, ALTO was configured to accept incoming information from both the CSPS’s Saba system and the MyGCHR System, but it is not configured to provide these systems, or other systems with personal information. There is no outgoing data feed to other systems.
ALTO is a web-based platform for the management and delivery of training. The application allows printing of the information that the person has access to, such as a transcript item or certificate of completion.
It is also important to note that the application assigns “roles” to the various classes of ALTO users. It is through these ”roles” that ALTO Management Administrators regulate the amount of information that a user is allowed to view.
ALTO is a web-based application and personal information in ALTO is transmitted using wireless technologies.
Risk impact to the institution
Risk scale: 1
Risk scale: 2
The potential harm associated with a privacy breach would be the knowledge of: whether or not an employee had the required training associated with the performance of their job, and the results of any testing associated with a completed course.
Risk impact to the individual or employee
Risk scale: 1
The potential risk impact to the institution in the event of a privacy breach to PSPC would be whether or not an employee had the required training associated with the performance of their job.
Page details
- Date modified: