Privacy impact reports 2016-2017

Canadian Government Annuity Program (March 2017)

Description of Program

The Canadian Government Annuity Program (CGA) administers the Government Annuities Account, which was established under the Government Annuities Act in 1908. Under this program, government annuities (deferred and immediate) were purchased either by employees or by employers as pension plans for their employees to encourage Canadians to prepare financially for their retirement. In 1975, an Act of Parliament formally ended the sale of annuities and the last group of new employees were added until 1979. This is the first PIA conducted on this program.

Why was a Privacy Impact Assessment (PIA) completed?

This PIA was completed as personal information, including Social Insurance Numbers of annuitants, is used for an administrative purpose.

The assessment examines the privacy risks caused by the collection, use, disclosure and retention of personal information for the administration of the CGA program, and proposes methods to reduce these risks.

More Information

This PIA focused on ESDC’s information sharing authorities, collection and use of personal information stemming from the payment and overpayment of annuities. The PIA scope includes the systems and work flows that support the CGA Program. Activities that occurred during the initial collection of personal information or ESDC’s debt write-off process are out of scope for this assessment.

The PIA identified seven low, one medium and one high level risk. A mitigation action plan has been developed and is in progress.

Integrated Learning Management System (March 2017)

Description of Program

The Integrated Learning Management System (ILMS) is a cloud-based tool for the strategic management of learning at ESDC. This activity replaces ESDC’s legacy Learning Management Systems with a Cloud-based Learning Management System (LMS).

Why was a Privacy Impact Assessment (PIA) completed?

This PIA was completed as the replacement of legacy Learning Management Systems with a Cloud-based LMS and its associated database represents a substantial modification to existing programs and activities where personal information is used or intended to be used for an administrative purpose, in this case the support of learning within ESDC.

The PIA examines the privacy-related impacts and risks associated with the replacement of the department’s legacy learning systems with a single Cloud-based LMS.

More Information

This PIA focused on ESDC’s collection, use, retention and disclosure of personal information for the administration of the Cloud-based ILMS through a third party provider. The storage of personal information and synchronization of tombstone learner data on the platform are in scope. The assessment does not include security and privacy associated with the ESDC Corporate systems that provide ILMS with data.

The PIA identified two low, two medium and two high level risks. A mitigation action plan has been developed and is in progress.

Service Canada Role in International Mobility Program Inspections (March 2017)

Description of Program

In June 2014, the Government of Canada separated the Temporary Foreign Worker Program (TFWP) into two distinct programs: TFWP led by ESDC and the International Mobility Program (IMP) led by Immigration, Refugees and Citizenship Canada (IRCC). While decision making authority on IMP inspections remains with IRCC, ESDC has been authorized to leverage Service Canada/Integrity Services Branch’s (ISB) existing inspection capacity to conduct inspections to enhance the compliance regime of the IMP on behalf of IRCC.

Why was a Privacy Impact Assessment (PIA) completed?

This PIA was completed as there is a substantial modification to an existing program where personal information will be used for administrative purposes. ESDC will need to collect personal information from employers to prepare fact finding reports for IRCC. IRCC will then use this information to determine if employers are compliant with program requirements.

The PIA examines the privacy risks associated with the new transfer of information between ESDC and IRCC and proposes measures to mitigate these risks.

More Information

This PIA focused on privacy-related risks associated with the collection and disclosure of personal information pertaining to the IMP inspection activity. The assessment includes an analysis of the people, processes and systems used to collect information for disclosure between ESDC and IRCC. The report does not address the privacy concerns for the IMP as a whole, which are captured in another PIA developed by IRCC.

The PIA identified nine low and two medium level risks. A mitigation action plan has been developed and is in progress.

Global Case Management System (GCMS) – Social Insurance Register (SIR) Linkages Project (March 2017)

Description of Initiative

Immigration, Refugees and Citizenship Canada (IRCC) uses the Global Case Management System (GCMS) to manage a range of applicants who wish to become permanent residents or citizens of Canada, as well as those seeking refugee status in Canada. ESDC supports this work by allowing GCMS to access the Social Insurance Register to help IRCC confirm the identity of their clients. Before providing new citizens, residents and refugees with a Social Insurance Number, ESDC needs access to the GCMS to conduct identity validation with personal information found in the GCMS system. The GCMS-SIR Linkages Project is the approach used to facilitate ESDC’s connection to IRCC’s GCMS.

Why was a Privacy Impact Assessment (PIA) completed?

This PIA was completed to provide evidence of compliance with legislative requirements and to report to management on the privacy risks related to the exchange of personal information between IRCC and the Commission via the newly established GCMS-SIR Linkage. It is important to note that this new connection does not involve any new consistent uses of personal information.

The PIA examines the privacy risks and impacts of the initiative and proposes methods to mitigate these risks.

More Information

This PIA focuses on the personal information that will be transmitted through the SIR to GCMS in order to enable the electronic validation of documents from IRCC. The scope is limited to phase I of the GCMS-SIR Linkages Project and does not involve other aspects of the SIN/SIR administration process.

The PIA identified one medium and four low level risks. A mitigation action plan has been developed and is in progress.

My Service Canada Account – Canada Revenue Agency Link Project (January 2017)

Description of Project

ESDC and the Canada Revenue Agency (CRA) collaborated on an initiative to make it easier for Canadians to access information on-line. The departments linked their respective secure space portals to allow ESDC clients who use My Service Canada Account to access the CRA My Account for Individuals, without having to create a separate account on the CRA portal.

Why was a Privacy Impact Assessment (PIA) completed?

This PIA was completed as personal information, including Social Insurance Numbers, will be used as part of a decision-making process that will directly affect the individual.

This PIA examines privacy-related risks raised by the link between ESDC’s My Service Canada Account (MSCA) and CRA’s “My Account” and proposes measures to mitigate these risks.

More Information

This PIA focused on ESDC’s collection, use, retention and disclosure of personal information pertaining to this project only whereby clients will transfer between the two portals without the need for separate identity validation or login. It does not include an examination of pre-existing MSCA technology or processes including the current ESDC Registration and Authentication process nor does it examine any CRA processes and impacts.

The PIA only identified low level privacy risks, and a mitigation action plan has been developed and is in progress.

Exchange of Personal Information between Employment and Social Development Canada and Alberta Ministry of Seniors and Housing for the Administration of the Alberta Seniors Benefit (January 2017)

Description of Program

The Alberta Seniors Benefit (ASB) is a monthly monetary supplement provided by the provincial government of Alberta (Alberta) to seniors who meet various eligibility criteria, including being in receipt of an Old Age Security (OAS) pension. The ASB is administered by the Alberta Ministry of Seniors and Housing, which requires applicants to submit proof that they are OAS pension recipients. Employment and Social Development Canada (ESDC) and Alberta Ministry of Seniors and Housing have proposed a new Information Sharing Agreement (ISA) to provide the necessary framework for the disclosure of personal information required for the ASB. The proposed exchange will allow Alberta to verify if an ASB applicant is in receipt of an OAS pension, removing the burden of requiring the applicant to submit proof that they are OAS pension recipients.

Why was a Privacy Impact Assessment (PIA) completed?

A PIA was completed as Alberta will be using personal information disclosed by ESDC as part of a decision-making process that will directly affect individuals.

The PIA examines the privacy risks associated with this new exchange of information between ESDC and Alberta and proposes methods to lower these risks.

More Information

The PIA assessed the ISA, and the mode of transmission used for the exchange, collection and use of ESDC OAS information for the administration of the ASB program. The assessment does not take into consideration the initial collection of personal information by ESDC for the administration of the OAS program.

The PIA only identified low level privacy risks, and a mitigation action plan has been developed and is in progress.

Canada Disability Savings Program: Administration of Canada Disability Savings Grants & Bonds (December 2016)

Description of Program

The Registered Disability Savings Plan (RDSP) is a long-term savings plan designed to help Canadians with severe and prolonged disabilities and their families save for the future. The Canada Disability Savings Grant (grant) is a limited (up to 300%) matching grant that the government deposits into the RDSP of eligible Canadians to match contributions made to the plan. The Canada Disability Savings Bond (bond) is money the Government contributes to the RDSPs of eligible low and modest income Canadians. No contributions are necessary to receive the bond. Together, these three instruments make up the Canada Disability Savings Program (CDSP) which is administered by Employment and Social Development Canada (ESDC), the Canada Revenue Agency (CRA), Finance Canada and participating financial institutions.

Why was a Privacy Impact Assessment (PIA) completed?

This PIA was completed because the Department collects personal information, including Social Insurance Numbers, from individuals to establish eligibility to open and maintain RDSPs, and to receive grants and bonds.

The PIA identifies privacy-related risks arising from the administration of the grant and bond and proposes mitigation measures to manage or lower these risks.

More Information

This PIA focused on ESDC’s collection, use, retention and disclosure of personal information pertaining to the administration of the CDSP. The collection of authorized personal information on CRA’s behalf and information sharing agreements with partner organizations also fall within its scope.

The PIA identified seven low, four medium and one high level risk. A mitigation action plan has been developed and is in progress.

Canada Education Savings Program: Administration and Delivery of the Canada Education Savings Grant, Canada Learning Bond and Provincial Education Incentives (December 2016)

Description of Program

The Canada Education Savings Program (CESP) encourages Canadians’ use of Registered Education Savings Plans (RESP) for their children’s post-secondary education. The CESP offers two education incentives which are deposited into RESPs: The Canada Education Savings Grant (CESG) and the Canada Learning Bond (CLB).

Why was a Privacy Impact Assessment (PIA) completed?

This PIA is an addendum to the 2011 CESP PIA which indicated that if ESDC entered into new agreements with a province to administer a provincial grant there would be a requirement to update the PIA with an addendum. Personal information will be used to determine eligibility and deliver funds for provincial grants administered by ESDC.

This PIA addendum examines new privacy-related risks arising for the overall administration and delivery of provincial incentives and proposes methods to lower these risks.

More Information

This PIA focused on ESDC’s collection, use, retention and disclosure of personal information pertaining to the administration and delivery of the CESP, particularly the British Columbia Training and Education Savings Grant and the Saskatchewan Advantage Grant for Education Savings. It does not include an examination of business practices of other organizations which participate in the program.

The PIA identified four low, one medium and one high level risk. A mitigation action plan has been developed and is in progress.

Temporary Foreign Worker Program Phase IV – administration of new administrative monetary penalties and varied bans regulations (October 2016)

Description of Program

The Temporary Foreign Worker Program (TFWP) provides employers with access to foreign workers on a temporary and limited basis, when qualified Canadians or permanent residents are not available, and helps ensure that temporary foreign workers have the same rights to workplace protections as Canadian citizens and permanent residents. The TFWP is jointly managed by Employment and Social Development Canada (ESDC), Immigration, Refugees and Citizenship Canada (IRCC) and the Canada Border Services Agency (CBSA).

Why was a Privacy Impact Assessment (PIA) completed?

On December 1, 2015, amendments to the regulations came into force that established new consequences for employers who were found to have violated TFW Program conditions, adding administrative monetary penalties (AMPs) and varied bans, so that the consequences of non-compliance are proportionate to its seriousness. Personal information collected from employers who access the program will be used to determine employer non-compliance with Program requirements, which will allow application of the appropriate consequences.

The PIA examines the privacy-related risks associated with the AMPs/varied bans activities and the exchange of information between ESDC and IRCC. It proposes measures to mitigate these risks.

More Information

This PIA focused on privacy-related risks associated with the collection, use, retention and disclosure of personal information pertaining to the TFWP AMPs and varied bans.

The PIA identified seven low and three high level risks. A mitigation action plan has been developed and is in progress.

Proactive Enrolment Initiative – Phase 2 (OAS) (September 2016)

Description of Program

In 2012, Employment and Social Development Canada (ESDC) developed the Old Age Security (OAS)/Guaranteed Income Supplement (GIS) Service Improvement Strategy (OAS/GIS SIS) with the objective to improve services to a growing number of seniors in ways that would generate efficiencies for individuals and Government. A key element of the Strategy is the OAS Proactive Enrolment Initiative, which enables ESDC to offer automatic enrolment for OAS benefits to many seniors at age 65. This will improve service delivery by reducing the administrative burden on Canadians and enhancing administrative efficiencies. This initiative is being implemented in a phased approach.

Phase 2 of this initiative began in November 2016 and offers automatic enrolment to individuals who are eligible for the OAS pension at age 65.

Information on Phase 3 of the Proactive Enrolment Initiative.

Why was a Privacy Impact Assessment (PIA) completed?

This PIA was completed as ESDC will be using personal information from other sources as part of a decision-making process that will directly affect individuals.

The PIA examines the privacy risks associated with the management of personal information through the administration of the Proactive Enrolment Initiative and proposes measures to mitigate these risks.

More Information

This PIA focused on ESDC’s collection, use, retention and disposal of personal information throughout the administration of the Proactive Enrolment Initiative. It is limited to the second phase of the initiative and is not intended as an overarching program PIA under the entire OAS program.

The PIA only identified low level privacy risks, and a mitigation action plan has been developed and is in progress.

Individual Quality Feedback – Accuracy Program (September 2016)

Description of Program

The Individual Quality Feedback – Accuracy Program (IQF - Accuracy) enhances quality assurance of Employment Insurance (EI), Old Age Security (OAS) and Canada Pension Plan (CPP) by providing a nationally consistent approach to: (1) identify and correct payment and processing errors, (2) measure the accuracy of employees involved in the processing of EI, OAS and CPP files, (3) provide feedback directly to the employee and (4) generate business intelligence to support continuous improvement of program delivery.

Why was a Privacy Impact Assessment (PIA) completed?

This PIA was completed as ESDC will be using a new system to conduct quality assurance reviews and will be handling personal information in a different manner.

The PIA examines the privacy-related risks of the IQF - Accuracy program and proposes methods to lower these risks.

More Information

This PIA analyses ESDC’s collection, use, retention and disclosure of personal information pertaining to the IQF – Accuracy program. It did not include an examination of privacy practices related to future phases of the IQF under which the program may be expanded to cover quality elements other than accuracy and employee work groups.

The PIA only identified low level privacy risks, and a mitigation action plan has been developed and is in progress.

Exchange of Information Collected under the Canada Pension Plan in Support of the Superannuation Programs Administered by Public Works and Government Services Canada (September 2016)

Description of Program

Employment and Social Development Canada (ESDC) and Public Works and Government Services Canada, now referred to as Public Services and Procurement Canada (PSPC), concluded an Information Sharing Agreement (ISA) to improve the efficiency and disclosure of personal information necessary for the administration of the Public Service, Canadian Forces and Royal Canadian Mounted Police superannuation programs. The ISA provides the terms and conditions for ESDC to disclose information related to the receipt of the Canada Pension Plan (CPP) disability pensions and information related to the death of CPP beneficiaries to PSPC.

Why was a Privacy Impact Assessment (PIA) completed?

This PIA was completed as PSPC will be using personal information disclosed by ESDC as part of a decision-making process that will directly affect individuals. In addition, PSPC will undertake secondary disclosure of information by providing personal information to third party insurers who administer long-term disability insurance on behalf of the department.

The PIA examines the privacy-related risks related to the management and protection of personal information throughout the ISA and proposes measures to mitigate these risks.

More Information

This PIA focused on privacy-related risks associated with the collection and disclosure of personal information pertaining to the exchange of information between ESDC and PSPC. The PIA does not take into consideration initial collection of personal information by ESDC for the administration of the CPP program, nor is it intended as an overarching program assessment.

The PIA only identified low level privacy risks, and a mitigation action plan has been developed and is in progress.

Disclosure of Information Collected under the Old Age Security Act to the Province of Alberta for the Administration of the Alberta Seniors and Alberta Housing Programs – GIS Retroactive Review (August 2016)

Description of Program

Employment and Social Development Canada (ESDC) and the province of Alberta negotiated an Information Sharing Agreement (ISA) to set the parameters for a one-way disclosure by ESDC to Alberta of personal information related to the Guaranteed Income Supplement (GIS) retroactive review, which was used for the administration of the Alberta Seniors and Alberta Housing programs. The purpose of this exchange was to ensure that clients of the Alberta Department of Seniors and Housing were not negatively impacted by the GIS retroactive review. Consequently, an ISA and a Privacy Impact Assessment (PIA) were completed to ensure that personal information involved in this collaboration was appropriately managed.

The agreement was terminated December 31st, 2017.

Why was a Privacy Impact Assessment (PIA) completed?

A PIA was completed to assess the privacy risks related to ESDC’s electronic disclosure of personal information as part of a decision-making process that directly affected seniors living in Alberta who were eligible for programs administered by the Alberta Department of Seniors and Housing.

The PIA examined the privacy risks associated with the exchange of information between ESDC and the province of Alberta and proposed methods to lower these risks.

More Information

The PIA assessed the ISA, and the mode of transmission used for the exchange, collection and use of GIS information for the administration of the Alberta programs. The assessment did not take into consideration the initial collection of personal information by ESDC for the administration of the Old Age Security program, nor did it examine the calculation and payment of GIS retroactive benefits and payments made by Service Canada.

The PIA only identified low level privacy risks, and a mitigation action plan was developed and monitored until the agreement was terminated on December 31st, 2017.

Additional information

If you would like more information about the above PIAs, please contact:

Employment and Social Development Canada
Corporate Secretariat / Privacy Management Division
140 Promenade du Portage
Phase IV, 12th Floor, mailstop 1203
Gatineau, Quebec  K1A 0J9
Email: EDSC.SM.ViePrivee-Privacy.CS.ESDC@hrsdc-rhdcc.gc.ca
Telephone: 1-800-O-Canada
Teletypewriter: 1-800-926-9105
