Response and Support Coordination (RSC); a sub-program of the Sexual Misconduct Response Centre (SMRC)

Government Institution
Department of National Defence

Government official responsible for the PIA
Dr. Denise Preston
Executive Director, Sexual Misconduct Response Centre

Head of the government institution or Delegate for section 10 of the Privacy Act
Deirdra Finn, Director
Directorate Access to Information and Privacy

Description of Program or Activity (from Departmental Results Framework):

Defence Team

Recruit, develop and support an agile and diverse Defence Team, within a healthy workplace free from harmful behaviour; support military families; and meet the needs of all retiring military personnel, including the ill and injured. Strengthen Canadian communities by investing in youth.

Standard or institution specific class of record:

Sexual Misconduct: DND SMR 100

Standard or institution specific personal information bank:

Sexual Misconduct Response Centre, DND PPU 880

Legislated authority for activity:

Personal information is collected, used and disclosed by the SMRC, including its Response Support Coordination activity, under the authority of s. 3 and 4 of National Defence Act.

Summary of the project / initiative/ change:

After the launch of the Sexual Misconduct Response Centre (SMRC) in 2015, the CAF assessed the activities and services provided to determine if the CAF was providing a fulsome suite of support to victims of sexual misconduct in the CAF. Based on those assessments, which included the External Review Authority’s Report on Sexual Misconduct in the Canadian Armed Forces, the Office of the Auditor General’s Report on Inappropriate Sexual Behaviour – CAF, and existing studies on sexual misconduct victim support, gaps were identified in the SMRC service suite. Specifically, there was a lack of consistent and comprehensive support throughout the process that affected members may be engaged in, the lack of advocacy and accompaniment services, and the need for more practical assistance.

To address these gaps, as part of the SMRC, the Response and Support Coordination (RSC) Program was launched in 2019 to provide active CAF members who have experienced sexual misconduct with an assigned and dedicated Coordinator to offer on-going support and assistance until such time that the individual no longer requires services, withdraws consent, or transitions to civilian services.

Contrary to the historical services provided by the SMRC, RSC participants must consent to identifying themselves in order for the dedicated Coordinator to receive their calls and emails, as well as perform some of the personalized assistance, such as:

1. Dedicated Coordinator: each participating member is assigned to one Coordinator, who provides the individual with her work email and cellular phone to support the RSC services.
2. In-Person Support:  barring any pandemic safety concerns, support services are provided in person.
3. Case Management:  assistance in navigating and accessing services while reducing barriers to accessibility. This includes internal services such as Canadian Forces Health Services (CFHS) and Military Police/National Investigation Services (MP/NIS), as well as external services, such as outside medical, law enforcement, and mental health.
4. General/Practical Assistance: various assistance activities, such as completing forms, preparing for court, police interviews, and completing Victim Impact Statements (for court).
5. Advocacy: contacting internal and external organizations to advocate for the member.  
6. Accompaniement: attend appointments and events with the member. These may include appearances at court, prosecutor and police interviews, medical appointments (including mental health), MP/NIS interviews, and other internal and external appointments. For various reasons, including privacy, Coordinators are not present during some of these events, such as in the examination room at a doctor’s office; however, they are in the waiting room before and after these appointments.

All of these activities are supported through individual consent at the onset of RSC participation, as well as ongoing consent. The client may withdraw their consent at any time and may choose to have the Coordinator present at one appointment/event but not at another. The client dictates the assistance provided by the Coordinator.

In the completion of this PIA, there were ten risks identified with corresponding risk mitigation recommendations. SMRC management reviewed those recommendations, agreed with them, and developed an Action Plan to remove those risks by completing various risk mitigation activities. While some risk mitigation activities have already been completed, the target date for removing all risks, by completing all activities in the Action Plan, is August 2021.

Risk Area Identification and Categorization

In its Directive on Privacy Impact Assessment, Treasury Board has expressed that the PIA must include a completed risk identification and categorization section and make public those risk ratings.  A risk rating must be assigned to each risk areas named and described in Appendix C of the Directive on Privacy Impact Assessment. The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area. For this PIA the risk areas and associated risk levels are as follows:

Risk Area	Risk Level
Type of Program or Activity Administration of Programs / Activity and Services. Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc.)	2
Type of Personal Involved and Context Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive. For example: personal information that reveals intimate details on the health, financial situation, religious or lifestyle choices of the individual and which, by association, reveals similar details about other individuals such as relatives.	4
Program or Activity Partners and Privacy Sector Involvement Within the institution (amongst one or more programs within the same institution)	1
Duration of the Program Long-term program. Existing program that has been modified or is established with no clear “sunset”.	3
Program Population The program affects certain individuals for external administrative purposes.	3
Technology and Privacy The Sexual Misconduct Response Centre uses an MS Dynamics installation to manage all cases and calls. For Response and Support Coordination activities, a new feature was added to that instance of Dynamics.
Information Transmission The personal information is transferred to a portable device or is printed. USB key, diskette, laptop computer, any transfer of the personal information to a different medium.	3
In the Event of a Privacy Breach Impacting the Individual In the event of a privacy breach of the program’s systems, there are potentially significant and lasting negative impacts on the reputation and health/safety of RSC client. The RSC, and SMRC in general, collects and stores extremely sensitive information, such as detailed descriptions of sexual assaults, MP investigations, grievances, harassment complaints, as well as treatment, medical records, and PTSD-related information.  The unauthorized disclosure of such information would, at a minimum, cause general embarrassment to clients, but greater health and safety risks exist; for example, a sexual assault victim may relive the sexual assault as a result of an unauthorized disclosure, aggravate/exacerbate PTSD, negatively impact relationships, etc.