Salary Management System
Privacy impact assessment (PIA) summary
Overview
The Salary Management System (SMS) is a salary budgeting and forecasting tool that will interface with other departmental information systems that will allow CSC to examine their expenditures on an ongoing basis to ensure responsible spending.
The assessment demonstrates that the proposed information sharing was developed in accordance with:
- the Privacy Act
- the Financial Administration Act, and
- the Government of Canada Security Policy
Summary of risks and recommendations
General
Risk
The lack of a quality assurance and audit program to assess the ongoing state of the safeguards applicable to the system may result in privacy-compliance problems going undetected.
The lack of documented security and privacy procedures on the requirements of handling personal information increases the risk of unauthorized access to personal information (PI).
Failure to obtain express consent for collection of SMS-related PI may create ill will and a perceived lack of transparency and increased risk of complaints.
The lack of appropriate privacy safeguards in the contract with Infuatec increases the risk of non-authorized disclosure of PI.
Recommendations for mitigation
Implement appropriate quality assurance and audit programs, policies and procedures.
Develop, document and disseminate PI handling security and privacy procedures in accordance with departmental directives.
Train users on the security and privacy requirements of PI collected in both paper and electronic form.
Consider building "opt-in", express consent mechanisms into SMS process, where possible, when dealing with Public Service hiring and compensation issues.
Discuss with Public Works and Government Services Canada (PWGSC) the possibility of negotiating appropriate privacy safeguards with Influatec.
Page details
- Date modified: