E-recruiting - privacy impact assessment (PIA) summary
Government institution: Atlantic Canada Opportunities Agency
ACOA official responsible for the PIA:
Head of government institution or delegate for section 10 of the Privacy Act:
Diane Cormier, ATIP Director/Coordinator
Section 1 – overview and PIA initiation
Description of Program or Activity:
As part of the Public Service Commission (PSC) "New Direction in Staffing" initiative, government departments have been given greater ability to customize approaches to staffing, including agile approaches, an increased focus on outcomes, and less focus on process. The Human Resources directorate of the Atlantic Canada Opportunities Agency (ACOA) has been tasked with finding innovative ways to attract candidates from the public to the Agency and to speed up the collective staffing processes. One of the innovations identified as an industry best practice is Internet-based asynchronous video interviewing of job applicants.
Description of the class of records (CoR) associated with the program or activity:
Recruitment and Staffing - Includes records related to the recruitment and staffing of people to fill full-time or part-time positions within the institution. Records may include information related to screening, examining, testing, interviewing, assessing, selecting, hiring, and promoting candidates for employment. May also include information related to terms and conditions of employment (including conflict of interest), deployments, assignments, and secondments, student, professional, and occupational recruitment, post-employment appeals, and area of selection, as well as information received from or shared with central agencies responsible for recruitment and staffing, other employment agencies, or both.
CoR number: PRN 920
Description of personal information bank (PIB) related to the program or activity:
Staffing - This bank describes information about recruitment and staffing activities, which includes solicited and unsolicited applications for employment, position reclassifications, secondments, deployments, and other work assignments or arrangements within government institutions. Personal information may include name, contact information, assessment/test results, biographical information, citizenship status, date and place of birth, educational information, employee identification number, employment equity information, employee personnel information, financial information, official language proficiency, medical information, opinions and views of, or about, individuals, and signatures.
PIB number: PSE 902
Legal authority for program or activity:
Summary of the project / initiative / change:
ACOA wishes to contract the provision of these services for a one year pilot project by a third party, as the expertise does not exist within the department to create a platform for candidates to video-record interview responses and organize them for later review.
The contractor will provide video interviewing software and may provide other services such as automated reference checking and skill testing of applicants. Members of the assessment board composed of Human Resources (HR) staff and hiring managers will review the videos, which will be accessed with username and password, to assess the candidates. Applicants will have the choice to opt out of the on-line service.
Section 2 - risk area identification and categorization
|a) Type of Program or Activity||Level of Risk to Privacy||Rating|
|Program or activity that does NOT involve a decision about an identifiable individual||1|
|Administration of Programs / Activity and Services||2||2|
|Compliance / Regulatory investigations and enforcement||3|
|Criminal investigation and enforcement / National Security||4|
|b) Type of Personal Information Involved and Context||Level of risk to privacy||Rating|
|Only personal information provided by the individual – at the time of collection – relating to an authorized program & collected directly from the individual or with the consent of the individual for this disclosure / with no contextual sensitivities.||1|
|Personal information provided by the individual with consent to also use personal information held by another source / with no contextual sensitivities after the time of collection.||2||2|
|Social Insurance Number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.||3|
|Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive.||4|
|c) Program or Activity Partners and Private Sector Involvement||Level of risk to privacy||Rating|
|Within the Agency (amongst one or more programs within the same institution)||1|
|With other federal institutions||2|
|With other or a combination of federal/ provincial and/or municipal government(s)||3|
|Private sector organizations or international organizations or foreign governments||4||4|
|d) Duration of the Program or Activity||Level of risk to privacy||Rating|
|One time program or activity||1|
|Long-term program (one year with possibility of extension)||3||3|
|e) Program Population||Level of risk to privacy||Rating|
|The program affects certain employees for internal administrative purposes.||1|
|The program affects all employees for internal administrative purposes.||2|
|The program affects certain individuals for external administrative purposes.||3||3|
|The program affects all individuals for external administrative purposes.||4|
|f) Technology and Privacy||Risk to privacy|
|Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?||Yes|
|Does the new or modified program or activity require any modifications to IT legacy systems and / or services?||No|
|The new or modified program or activity involve the implementation of one or more of the following technologies:
- Enhanced identification methods
- Use of Surveillance
- Use of automated personal information analysis, personal information matching and knowledge discovery techniques.
|g) Personal Information Transmission||Level of risk to privacy||Rating|
|The personal information is used within a closed system.||1|
|The personal information is used in system connected to at least another system.||2|
|The personal information is transferred to a portable device or is printed.||3|
|The personal information may be transmitted by candidates using wireless technologies.||4||4|
|h) Risk Impact to the Agency||Level of risk to privacy||Rating|
Processes must be reviewed, tools must be changed, change in provider / partner.
Changes to the organizational structure, changes to the organizations decision-making structure, changes to the distribution of responsibilities and accountabilities, changes to the program activity architecture, departure of employees, reallocation of HR resources.
Lawsuit, additional moneys required reallocation of financial resources.
|Reputation harm, embarrassment, lost of credibility.
Decrease confidence by the public, elected officials under the spotlight, institution strategic outcome compromised, or government priority compromised.
|i) Risk Impact to the Individual or Employee||Level of risk to privacy||Rating|
|Reputation harm, embarrassment||2||2|
Report a problem or mistake on this page
- Date modified: