Justice Administration and Information Management System
1. About the Department of National Defence
DND is responsible for supporting the Navy, Army, Air, and Special Forces in the defence of Canadian interests at home and abroad. When combined, DND/CAF is Canada's largest federal department, employing nearly 125,000 personnel. This includes 72,000 Regular Force members, 30,000 Reserve Force members, and 25,000 civilian or non-uniformed employees.
2. Canada's Military Justice System
CAF's ability to fulfill its mandate depends, in large part, on the discipline and the operational effectiveness of the CAF. Military members are governed by the Code of Service Discipline, Part III of the National Defence Act, which serves as the foundation of Canada's military justice system. It deals with the discipline, efficiency, and morale of the military, and sets out disciplinary jurisdiction and service offences for all members of the CAF.
3. Improving Oversight and the Administration of the Military Justice System
In May 2018, the Office of the Auditor General released the results of an audit of the Administration of Justice in the Canadian Armed Forces. In that report, the Auditor General concluded that the CAF was not administering Canada's military justice system efficiently enough, and that delays in summary trials and court martial cases were the result, in part, of systemic organizational issues. The Auditor General also concluded that the Office of the Judge Advocate General (OJAG) was not providing effective oversight of the military justice system -- in large part because it did not have the information it needed to adequately oversee the system.
Based in part on the recommendations of the Auditor General, and those of the House of Commons Standing Committee on Public Accounts in December 2018, DND/CAF continued development of a comprehensive new case management system to digitize and better monitor military case files. The Justice Administration and Information Management System (JAIMS) is a Microsoft Dynamics application designed to track military justice files from the reporting of an alleged offence, through to investigation, charge laying, trial disposition, and review. System users (which include investigators, charge layers, presiding officers, review authorities, referral authorities, and legal advisors) input data at successive stages of disciplinary process, allowing the status of case files to be monitored and managed in real-time, both at the unit level and by the chain of command.
The implementation of JAIMS is expected to provide the DND/CAF with the means to provide key military justice stakeholders with a responsive, user-friendly, effective, and efficient case management tool that facilitates the administration of military justice. The system is also intended to help ensure that cases proceed through the military justice system in a reasonable and timely manner. In conjunction with the implementation of the system, DND/CAF has also developed a new governance framework for all case files. System features will support that framework by, among other things, prompting actors when actions are required on individual files.
4. Purpose and Scope of the Privacy Impact Assessment (PIA)
DND is named in the Schedule to the Privacy Act and is subject to the privacy policies and directives of the Treasury Board of Canada Secretariat (TBS). Under the TBS Policy on Privacy Protection, all federal institutions subject to the Privacy Act are required to undertake an assessment of the privacy impacts associated with the development or design of new programs or services involving personal information (or when making significant changes to an existing program or service).
In keeping with the above, DND has elected to undertake a PIA in relation to the implementation and administration of JAIMS. Whereas the CAF will collect, process, and retain personal information in relation to military justice case files in JAIMS, and whereas that information will be used to make decisions about identifiable individuals, a PIA was considered necessary. The PIA was performed to assess the manner in which personal information is to be processed and stored in JAIMS, and to identify potential privacy issues in the system's design and operation.
The JAIMS PIA was completed under the direction of the Military Justice Division of the Office of the JAG, and approved by DND's Director of Access to Information and Privacy (DAIP) Coordinator (DND's delegate under section 73 of the Privacy Act). The Military Justice Division of the Office of the JAG is responsible for providing direct, operational support to the JAG as the superintendent of the administration of military justice in the CAF.
5. Privacy Analysis
Based on the results of the PIA, privacy risks arising from the collection, use, disclosure, and retention of personal information using JAIMS are expected to be low. Personal information collected by DND/CAF and stored in JAIMS will be limited to that which is essential for disciplinary case files, and that which is already being collected under the authorities of the CAF's military justice system. No new data sets are to be collected, used, stored in, or disclosed through JAIMS. Personal information, once collected, will only be used to document incidents and complaints, and to support the timely administration and closure of disciplinary case files. All personal information collected by DND/CAF and its users (including investigators, charge layers, presiding officers, review authorities, referral authorities, and legal advisors) will be secured in a manner commensurate with its sensitivity and retained for only as long as it is needed.
Potential impacts on the privacy of individuals are being properly managed by DND/CAF through appropriate legal, policy and technical measures geared at the protection of that information. Recommendations included in PIA are expected to reduce risks to an acceptable level.
6. Risk Area Identification and Categorization
| Risk Area | Risk Level |
|---|---|
| A: Type of Program or Activity | Level of Risk to Privacy |
| Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc…). | 2 |
| Personal information is used for purposes of detecting fraud or investigating possible abuses within programs where the consequences are administrative in nature (i.e., a fine, discontinuation of benefits, audit of personal income tax file or deportation in cases where national security and/or criminal enforcement is not an issue). | 3 |
| Personal information is used for investigations and enforcement in a criminal context (i.e. decisions may lead to criminal charges/sanctions or deportation for reasons of national security or criminal enforcement). | 4 |
| B: Type of Personal Information Involved and Context | Level of Risk to Privacy |
| Personal information provided by the individual with consent to also use personal information held by another source / with no contextual sensitivities after the time of collection. | 2 |
| Social Insurance Number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual. | 3 |
| Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive. | 4 |
| C: Program or Activity Partners and Private Sector Involvement | Level of Risk to Privacy |
| Within the department (amongst one or more programs within the department) | 1 |
| With other federal institutions | 2 |
| D: Duration of the Program or Activity | Level of Risk to Privacy |
| Long-term program: Existing program that has been modified or is established with no clear "sunset". | 3 |
| E: Program Population | Level of Risk to Privacy |
| The program affects certain employees for internal administrative purposes. | 1 |
| The program affects certain individuals for external administrative purposes. | 3 |
| F: Technology and Privacy | Level of Risk to Privacy |
| Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information? | Yes |
| Does the new or modified program or activity require substantial modifications to IT legacy systems and / or services? | No |
| The new or modified program or activity involves the implementation of potentially privacy invasive technologies? | No |
| G: Personal Information Transmission | Level of Risk to Privacy |
| The personal information is used in system that has connections to at least one other system. | 2 |
| The personal information may be printed or transferred to a portable device. | 3 |
| The personal information is transmitted using wireless technologies. | 4 |
| I: Risk Impact to the Individual or Employee | Level of Risk to Privacy |
| Inconvenience. | 1 |
| Reputation harm, embarrassment. | 2 |
| Financial harm. | 3 |
| Physical harm. | 4 |
| H: Risk Impact to the Department | Level of Risk to Privacy |
| Managerial harm. Processes must be reviewed, tools must be changed, change in provider / partner. |
1 |
| Organizational harm. Changes to the organizational structure, changes to the organizations decision-making structure, changes to the distribution of responsibilities and accountabilities, changes to the program activity architecture, departure of employees, reallocation of HR resources. |
2 |
| Financial harm. Lawsuit, additional moneys required reallocation of financial resources. |
3 |
Page details
- Date modified: