Operational and Non-Operational Clothing and Footwear Program
In order to sustain and support the Canadian Armed Forces (CAF) and its defence capabilities, the Department of National Defence (DND) produces and maintains an inventory and supply chain of materials, systems, information, and real property. This inventory of goods and services helps ensure that critical defence elements and capabilities are continuously available in the appropriate quantity. A central focus of defence capability production programming is providing an adequate and sustained supply of materials and supplies to military personnel.
Since 1996, non-operational military clothing and select military supplies have been managed and distributed to CAF members by a third-party service organization under contract with DND. In early 2021, the consolidated clothing contract with the third-party ended. It has since been replaced by a Non-Operational Clothing and Footwear contract. The success of this contract has led to the creation of a second contract for Operational Clothing and Footwear for all things operational and occupational. Together, these two contracts will cover all the clothing needs of CAF members.
Under the terms of these two new contracts, the selected vendor(s) will be responsible for the acquisition, inventory, and distribution of military clothing and footwear. Using a managed clothing solution and on-line clothing ‘store’, the vendor(s) will provide a direct ordering and delivery system for military clothing and footwear to all CAF members. In addition to creating an on-line order management system, vendor(s) will be required to provide DND with a complete supply chain management approach that encompasses program management and professional services, manufacturing, warehousing and inventory management, order processing and management, and distribution and delivery.
By using a third-party vendor, DND expects to lower its administrative overhead and supply chain costs. Outsourcing is also expected to reduce DND’s material inventory and improve acquisition cycles and order/delivery response times.
1. Scope of the Privacy Impact Assessment (PIA)
DND is named in the Schedule to the Privacy Act and is subject to the privacy policies and directives of the Treasury Board of Canada Secretariat (TBS). Under the TBS Policy on Privacy Protection, all federal institutions subject to the Privacy Act are required to undertake an assessment of the privacy impacts associated with the development or design of new programs or services involving personal information (or when making significant changes to an existing program or service).
In keeping with the above, DND has elected to undertake a PIA in relation to the administration of its two new managed clothing solution contracts. Although the Department’s managed clothing solutions are to be operated by third-party vendors, DND may collect, share, and retain personal information in support of the vendor solution and the Department’s clothing and footwear program more generally.
The PIA included a review of DND’s process to supply, collect, and retain personal information in the overall administration of its two new managed clothing solutions. This includes a review of the manner in which personal information will be used by DND for clothing and footwear supply chain management and programming. The PIA also included a review of privacy and data security provisions to be included in the Department’s vendor agreements. The PIA did not include a review of the vendor’s personal information handling practices. Nor did it include review of the vendor’s systems controls. Vendors are expected to conduct their own privacy and security assessments in relation to their managed clothing solutions and order management systems, and to handle personal information under their care in keeping with Canadian privacy laws.
2. Privacy Assessment
Based on the results of the PIA, privacy risks arising from the collection, use, disclosure, and retention of personal information from the administration of its new managed clothing solution contracts are expected to be low. Recommendations included in the PIA, as fully adopted, are expected to reduce those risks to a negligible (or acceptable) level.
Personal information collected by DND/CAF and its selected vendor(s) for the management and supply of military clothing and footwear will be limited to that which is essential for clothing supply (in keeping with data sets that have traditionally been collected). Personal information, once collected, will only be used for the supply of military service dress, ceremonial wear, operational and occupational clothing, and for the overall administration of the clothing and footwear program. All personal information collected by DND/CAF and its vendor(s) will be secured in a manner commensurate with its sensitivity and retained for only as long as it is needed. Potential impacts on the privacy of CAF members will be managed by DND/CAF through appropriate legal, policy and technical measures geared at the protection of their personal information.
3. Risk Area Identification and Categorization
| Risk Area | Risk Level |
|---|---|
A: Type of Program or Activity |
2 |
B: Type of Personal Information Involved and Context |
2 |
C: Program or Activity Partners and Private Sector Involvement |
4 |
D: Duration of the Program or Activity |
3 |
E: Program Population |
1 |
F: Technology and Privacy |
N\A |
G: Personal Information Transmission |
4 |
H: Risk Impact to the Individual or Employee |
1 |
I: Risk Impact to the CHRC |
1 |
Page details
- Date modified: