Privacy Impact Assessment - Online Employment Application

Canadian Forces Recruiting Group

Online Employment Application Privacy Impact Assessment Summary

The Canadian Forces Recruiting Group (CFRG) Online Employment Application provides the ability for military prospective applicants (Regular and Reserve Forces) to submit personal information required for an employment application via the Internet. The application is accessed from the Canadian Forces (CF) recruiting website.

The Online Employment Application was developed to streamline the application process and to automatically create an electronic application record. The implementation of the Online Employment Application in 2005 will reduce the current use of the paper form, which requires Canadian Forces recruiting staff to manually enter information into the Canadian Forces Recruitment Information Management System (CFRIMS). In addition, the Online Employment Application will allow prospective applicants to view the status of their application throughout the enrolment process by providing information on the scheduling of enrolment activities and the requirements to provide documentation (such as education transcripts and proof of citizenship). The corresponding internal component of the system, the Application Tracking System, will provide administrative functions to the CFRG recruiting staff and provide Reserve unit recruiters with real-time processing status of their respective applicants.

ePass Common Registration Services (CRS) are provided by Secure Channel for user identification to access the Online Employment Application. The Military eRecruiting Project is the Department of National Defence (DND)/CF pilot project for the use of Secure Channel services.

The major benefits of the Online Employment Application include:

The quantity and type of personal information collected by the Online Employment Application is the same information CFRG has been collecting via paper form, the DND 2170 Canadian Forces Employment Application, and is typical of personal information collected by any employer for a job application. The project to implement the Online Employment Application did not redesign the CFRG recruiting program nor did it change or expand the collection, use or disclosure of personal information that is currently done. The project's primary purpose was to expand the service delivery options presented to Canadian citizens with which they can make an employment application to the Canadian Forces.

A Privacy Impact Assessment (PIA) was conducted prior to the implementation of the Online Employment Application. The purpose of the assessment was to:

The scope of assessment was limited to the personal information collected for the Online Employment Application, the Application Tracking System, and the data transfer of the personal information to CFRIMS. The assessment also included the processes for retention and destruction of the DND 2170 Canadian Forces Employment Application Form that is printed from the Online Employment Application system for signature.

The Privacy Impact Assessment found that the Online Employment Application, CFRG business processes, and information management procedures and policies for personal information are compliant with the Privacy Act, the 10 privacy principles related to personal information, and Treasury Board Secretariat (TBS) Policy on Privacy and Data Protection. Policies and directives addressing privacy and personal information are documented in DND/CF general directives and orders as well as in CFRG-specific directives, orders, Standard Operating Procedures (SOPs), and the Recruiter's Handbook. Program personnel are trained and made aware of their responsibilities for the use, disclosure, and safeguarding of personal information.

The Online Employment Application system architecture has been designed to ensure security of a prospective applicant's personal information while in transit and where it is retained. Access to the system by internal users (CFRC, CFRG and Reserve Unit recruiting personnel) will be controlled and limited to those who have a minimum reliability clearance, applicable recruiter training qualifications and a business need to know.

The Online Privacy Notice, Consent, and Disclaimer that prospective applicants must agree to before entering any personal information online follows TBS Guidelines. It clearly articulates a prospective applicant's privacy rights, the use of their personal information, and alternative methods of application.

Five privacy risks were identified and deemed low risk. These risks and the corresponding mitigation action plans are:

  1. Risk: The accountability of the CFRG recruiting program custodian and controller of personal information is not specifically documented.

    Mitigation: CFRG will assign the custodial duties of personal information collected throughout the recruiting process to the Recruiting Personnel Selection Officer (RPSO) and develop Terms of Reference (TOR) specifically documenting their accountability.

  2. Risk: Lack of performance requirements for the program custodian in fulfilling the requirements for custody and control of personal information.

    Mitigation: The RPSO will enlist the assistance of ADM (FIN CS) Directorate Access to Information and Privacy (DAIP) privacy analysts in the formulation of performance measurements, training plans, and maintenance plans.

  3. Risk: Lack of briefing on privacy requirements of personal information, for third party contractors who are employed in the information management of CFRG systems.

    Mitigation: The ADM (HR Mil) Information Systems Security Officer (ISSO) will be taking action to incorporate privacy requirements into the Information Systems Security Indoctrination Guide.

  4. Risk: ADM (HR Mil) information technology staff, who manage and maintain the Online Employment Application system and CFRIMS, do not receive formal training on the requirements of protecting personal information.

    Mitigation: ADM (HR-Mil) Directorate Human Resources Information Management has recognized the need for training prior to the PIA assessment and is in the initial planning stages of implementing such training.

  5. Risk: A procedure for providing an individual with access to their personal information in an alternate format is not documented.

    Mitigation: The recruiter's handbook is in the process of being updated by the RPSO and the recommendation will be implemented in the update

For more information about the Privacy Impact Assessment, please contact the National Defence Access to Information and Privacy office.

Page details

Date modified: