Privacy Impact Assessment Summary for the Next Generation HR and Pay Pilot
Purpose
The Government of Canada (GC) intends to replace its current pay system. It is moving toward a pay system that aligns better with the GC’s complex HR and pay structure and the future needs of the public service. As part of this initiative, SSC has contracted Ceridian to test whether its proposed cloud-based software-as-a-service (SaaS) solution could satisfy the GC’s complex HR and pay requirements. This privacy impact assessment (PIA) evaluates the pilot collaboration with Ceridian.
Description
To test the solution’s ability to satisfy pilot objectives, the 18-month pilot will use HR and pay data of employees from 4 participating departments:
- Canadian Heritage
- Fisheries and Oceans Canada
- Indigenous Services Canada
- Crown-Indigenous Relations and Northern Affairs Canada
SSC has limited the scope of this PIA to 3 items:
- the personal information (PI) it collected from the information holdings of other government departments
- migration to the Ceridian environment
- use of PI as part of the pilot activities
During the pilot, HR transactions and employee pay will continue to be actioned through existing systems.
The pilot will use employee HR and pay data, as the assessment needs real-life scenarios to vet whether the solution is able to handle complex GC HR and pay situations.
The pilot will not:
- replace current HR and pay systems
- use PI collected from source systems and kept within the pilot environment to make an administrative decision that directly affects individual employees
Why the PIA was necessary
SSC and the 4 client departments established information sharing agreements that allow SSC to have their employees’ HR and pay information. This is a departure from traditional SSC initiatives. We believe conducting a PIA was prudent, considering the complexity of the pilot, including the use of a vendor SaaS solution.
Findings
The PIA identified opportunities to improve the privacy posture of the pilot, including:
- being more transparent by improving notices about how the pilot will use the information
- using data scrambling or other anonymization techniques where possible
- editing pilot project documents so they better define accountability for privacy