MOU: Use and Disclosure of Information with Respect to Periods of Incarceration for the Administration of the Old Age Security Act
Privacy impact assessment (PIA) summary
Overview
A joint PIA has been conducted on the Memorandum of Understanding (MOU) regarding the Use and Disclosure of Information with Respect to Periods of Incarceration for the Administration of the Old Age Security (OAS) Act. This assessment is limited to the collection, use, disclosure and retention of the information as it pertains to the agreement.
The MOU authorizes the disclosure by the Correctional Service Canada (CSC) to Human Resources and Skills Development Canada (HRSDC) of personal information regarding individuals who are aged 60 years and older who have been recently incarcerated.
Summary of risks and recommendations
General
Risk
A potential unauthorized use or disclosure.
Recommendations for mitigation
CSC will ensure that HRSDC exercises due diligence with the information it receives on offenders in order to administer the changes to the OAS Act. This due diligence may include conducting regular privacy or security audits or reviews of the program to protect the integrity and confidentiality of the information transmitted in electronic format to HRSDC.
Risk
An increase in Access to Information Act and Privacy Act requests from offenders who are seeking to know why their personal information is being disclosed to HRSDC. They may also want details on the MOU concerning the exchange of information.
Recommendations for mitigation
CSC will prepare communication materials so that employees of those affected areas can prepare for an increase in access to information requests (ATIP) requests and grievances. Affected areas may wish to review their existing resources to identify ways to handle an influx of offender requests.
CSC has in place a mechanism that allows for the reporting and corrective action of any privacy breaches due to improper use and disclosure of personal information. This includes written privacy breach guidelines and the reporting of breaches to members of CSC's Privacy Committee, chaired by the Assistant Commissioner, Policy Sector. The guidelines stipulate that, where appropriate, a privacy risk assessment is to be completed to determine the severity of the breach and to identify those cases where the Office of the Privacy Commissioner of Canada is notified.
Page details
- Date modified: