Uniform program
Privacy impact assessment (PIA) summary
Overview
Correctional Service Canada (CSC) provides uniform clothing (work, dress uniform, dog handler, drivers and other entitled employee uniform items) to approximately 6,800 correctional officers, 100 drivers and various employees entitled to uniforms across Canada. CSC is responsible for the overall management of its employee clothing program. In previous years, employees have ordered their uniforms and other clothing items directly through the National Depot in Laval Quebec, with the overall management of the program administered by Technical Services, Corporate Services Branch. As a result of a contract awarded in June 2009, this service will now be the responsibility of Logistik Unicorp Inc. with the administrative authority remaining with Technical Services, Corporate Services Branch.
Summary of risks and recommendations
Risk
The contract awarded to Logistik Unicorp Inc. and the statement of work does not refer to any requirements regarding proper safeguarding or retention of personal information under their control.
Recommendations for mitigation
The contract and statement of work will be revised to include the appropriate privacy clauses/requirements. This will be done in consultation with Public Works and Government Services Canada (PWGSC) and CSC's legal services.
Risk
CSC does not have a personal information bank for the Uniform Program and is therefore not in compliance with the legislative requirement outlined in section 10 of the Privacy Act. If personal information collected is not described in a corresponding personal information bank (PIB) it will result in a poor management accountability framework (MAF) rating.
Recommendations for mitigation
An institution specific PIB was created and will be included in the 2010 Info Source Updates.
Risk
A threat risk assessment (TRA) of Logistik's system has not been conducted by CSC's Information Technology (IT) Division. Until the completion of the TRA, it cannot be determined if there is any IT security risks associated with Logistik's system.
Recommendations for mitigation
A TRA will be done immediately following the completion of the PIA
Page details
- Date modified: