Sexual Misconduct Response Centre

Section 1 – Privacy Impact Assessment Overview (PIA)

Government Institution
Department of National Defence

Government official responsible for the PIA
Dr. Denise Preston
SMRC Executive Director

Head of the government institution or Delegate for section 10 of the Privacy Act
Deirdra Finn
Director, Directorate Access to Information and Privacy

Description of Program or Activity:

Defence Team Management
The Defence Team Personnel Management program is directed toward the Department of National Defence/Canadian Armed Forces leadership for decision-making purposes and the stewardship of the military personnel management system.

Standard or institution specific class of record:
A new COR has been developed and is pending approval from TBS.

Standard or institution specific personal information bank:
A new PIB has been developed and is pending approval from TBS.

Legislated authority for activity:

National Defence Act
Legal authority for this Centre is derived from the National Defence Act (NDA). The Minister of National Defence is a federal Cabinet Minister who is responsible for management and direction of the Canadian Armed Forces and all matters relating to National Defence (pursuant to s.4 of the National Defence Act (NDA)). Control and administration of the CAF resides with the Chief of Defence Staff. Section 18(1) of the NDA states that the Governor in Council may appoint an officer to be the Chief of the Defence Staff (CDS), who shall hold such rank as the Governor in Council may prescribe and who shall, subject to the regulations and under the direction of the Minister, be charged with the Control and administration of the Canadian Forces. As per 18(2) of the NDA, unless the Governor in Council otherwise directs, all orders and instructions to the Canadian Forces that are required to give effect to the decisions and to carry out the directions of the Government of Canada or the Minister shall be issued by or through the Chief of the Defence Staff.

Privacy Act
The Privacy Act provides guidance regarding the collection, use, disclosure, and retention of personal information. In section 8(2), the Privacy Act provides authority to disclose personal information without consent in specific situations. Should a situation arise where the SMRC would need to make such a disclosure, section 8(2) would guide and authorize this disclosure.

Operations Order CDS OP Order – Op HONOUR – August 2015

Policy Authority: Op HONOUR was issued following the External Review Authority Report on Sexual Misconduct and Sexual Harassment in the CAF. The mission of this operation is, “To eliminate harmful and inappropriate sexual behavior within the CAF.” To achieve its mission four strategies are identified, involving four lines of effort: understand, respond, support and prevent. The creation of the SMRC is outlined under paragraph 13(c) in the “support” line of effort.

Summary of the project / initiative/ change:
The Sexual Misconduct Reporting Centre (SMRC) was created in 2015 to provide confidential support to active Canadian Armed Forces (CAF) members affected by sexual misconduct and to help them make informed choices on available services and resources to meet their individual needs. The SMRC provides confidential supportive counselling by telephone 24/7 or by email, as well as a case management program that offers ongoing support and assistance to CAF members who have experienced sexual misconduct.

Support provided by the SMRC includes: active listening, identification of options, provision of information on resources, and facilitated access to services provided by internal and external partners, such as CF Health Services, Chaplaincy, Military Police / Canadian Forces National Investigation Service, Canadian Forces Members’ Assistance Program, Family Information Line, and Military Family Resource Centre. In addition to these services, Response and Support Coordinators can also provide advocacy, accompaniment and assistance with workplace arrangements.

Section 2- PIA Risk Area Identification and Categorization

Risk Area Identification and Categorization

In its Directive on Privacy Impact Assessment, Treasury Board has expressed that the PIA must include a completed risk identification and categorization section and make public those risk ratings.  A risk rating must be assigned to each risk areas named and described in Appendix C of the Directive on Privacy Impact Assessment. The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area. For this PIA the risk areas and associated risk levels are as follows:

Risk Area Risk Level

Type of Program or Activity
Administration of Programs / Activity and Services
Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc.)

2

Type of Personal Involved and Context
Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive.
For example: personal information that reveals intimate details on the health, financial situation, religious or lifestyle choices of the individual and which, by association, reveals similar details about other individuals such as relatives.

4

Program or Activity Partners and Privacy Sector Involvement
Within the institution (amongst one or more programs within the same institution)

1

Duration of the Program
Long-term program
Existing program that has been modified or is established with no clear “sunset”

3

Program Population
The program affects certain individuals for external administrative purposes.

3

Technology and Privacy
The program (SMRC) activities involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information.

Information Transmission
The personal information is transmitted using wireless technologies

4

In the Event of a Privacy Breach Impacting the Individual
In the event of a privacy breach and the unauthorized disclosure of the personal information collected by the SMRC the potential outcomes could include : embarrassment or harm to a client’s reputation, ridicule, loss of social standing or threats of violence; further harm to the well-being of the client; allegations having to be investigated against the wishes of the victim (if the breach included a disclosure to a military member who may have a duty to report); a client having to participate and be compelled to be part of an investigation and loss of employment.

Page details

Date modified: