Biometric Collection within the Defence Intelligence Enterprise (DIE) Program
Government Institution
Department of National Defence
Government official responsible for the PIA
Christopher Duggan
Director General Intelligence Partnerships and Policy (DGIPP)
Canadian Forces Intelligence Command (CFINTCOM)
Head of the government institution or Delegate for section 10 of the Privacy Act
Anne Bank, Executive Director
Directorate Access to Information and Privacy
Description of Program or Activity (from Departmental Results Framework):
Defence Intelligence Program: The Defence Intelligence Program provides responsive, reliable and fully integrated intelligence capabilities, services and products to support and inform decisions and actions relating to potential and authorized military operations and activities assigned to National Defence, as well as any intelligence activities carried out by the Department in support of the Government of Canada's broader responsibilities with respect to national defence, national security or global affairs.
Standard or institution specific class of record:
DND MIS 085 (CAF Security and Investigations)
Standard or institution specific personal information bank:
DND PPU 061 (Defence Intelligence Records)
Legislated authority for activity:
The legal authority to conduct defence intelligence activities is firmly established in Canadian legislation (e.g. the National Defence Act), international law and elements of the common law (including the Crown Prerogative). It is derived from the Canadian Forces' authority to conduct mandated defence activities and operations approved by the Government of Canada. This authority is contingent on the existence of a nexus between the intelligence activities in question and the authorized Canadian Forces mission or defence mandated that they are to support.
Summary of the project / initiative/ change:
This PIA has been developed to assess the biometric capability of the Defence Intelligence Enterprise DIE) Program of the DND/CAF.
Defence intelligence can reveal imminent and developing threats to CAF/DND personnel, facilities, assets, allies and to Canada's overall national security. Defence Intelligence activities also provide responsive, reliable and fully integrated intelligence capabilities, services and products to support and inform decisions and actions relating to potential and authorized military operations and activities assigned to National Defence, as well as any intelligence activities carried out by the Department in support of the Government of Canada's broader responsibilities with respect to national defence, national security or global affairs.
This PIA, which focused on the collection of biometrics in support of defence intelligence capabilities of the CAF/DND as a whole, identified multiple risks with corresponding risk mitigation measures. In response, an Action Plan has been created, which identifies a lead for each risk mitigation measure along with a timeline as to when that measure must be completed. In total, all risk mitigation measures will be fully mitigated within an acceptable timeframe.
Risk Area Identification and Categorization
In its Directive on Privacy Impact Assessment, Treasury Board has expressed that the PIA must include a completed risk identification and categorization section and make public those risk ratings. A risk rating must be assigned to each risk areas named and described in Appendix C of the Directive on Privacy Impact Assessment. The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area. For this PIA the risk areas and associated risk levels are as follows:
Risk Area | Risk Level |
---|---|
Type of Program or Activity | |
Criminal investigation and enforcement / National Security |
4 |
Type of Personal Information Involved and Context | |
Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive. For example: personal information that reveals intimate details on the health, financial situation, religious or lifestyle choices of the individual and which, by association, reveals similar details about other individuals such as relatives. |
4 |
Program or Activity Partners and Privacy Sector Involvement | |
With other or a combination of federal/ provincial and/or municipal government(s). |
3 |
Duration of the Program | |
Long–term program |
3 |
Program Population | |
The program affects certain individuals for external administrative purposes. |
3 |
Technology and Privacy | |
The Department is deploying new biometric collection devices and a new system to store and process the biometrics of various person types, as well as contextual data of those persons. |
|
Information Transmission | |
The personal information is transmitted using wireless technologies. |
4 |
In the Event of a Privacy Breach Impacting the Individual | |
In the event of a privacy breach, there may be significant and negative impacts on individuals whose information has been collected by the DIE for intelligence purposes. Those negative impacts could be embarrassment/reputation, financial, or have potential life/liberty consequences. |
Page details
- Date modified: