Language selection

Government of Canada / Gouvernement du Canada

Search

Privacy Impact Reports 2021 to 2022

On this page

April

May

June

July

October

December

March

April

Canada Service Corps Civic Participation Pilot – Application Intake and Selection (Phase 1) Privacy Analysis – April 2021

Description of program/activity

The Civic Participation Pilot is a Youth Leadership initiative by the Canada Service Corps (CSC) under Employment and Social Development Canada’s (ESDC) Learning Branch. Civic Participation Pilot will provide a virtual learning and leadership experience to 200 youth (ages 18 to 30) from across the country.

Need for a privacy analysis

The Privacy Management Division completed this privacy analysis to identify privacy risks associated with the collection of personal information from youth applicants. In addition, the analysis included the engagement of a third-party cloud-services provider to collect and store personal information.

More information

The Privacy Analysis identified 2 medium risks, 1 low risk, and 2 compliance issues. The strategies to address these risks have been mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


Receipt of Entry-Exit Data from the Canada Border Services Agency by the Old Age Security Program - Privacy impact assessment Addendum - April 2021

Description of program

This Addendum is related to a privacy impact assessment completed in March 2020 for the receipt of entry-exit data from the Canada Border Services Agency by the Old Age Security (OAS) Program. Employment and Social Development Canada’s Integrity Services Branch (ISB) is responsible for investigating fraud and abuse of the Old Age Security Program including, individuals who received a pension and/or benefits while absent from Canada. ISB is reviewing traveller information (entry-exit data) received by Canada Border Services Agency (CBSA).

May

Enabling Services Renewal Program (ESRP)–myEMS (PeopleSoft) (2015) PeopleSoft Human Capital Management (HCM) - 9.2 - privacy impact assessment Addendum – May 2021

Description of program/activity

Employment and Social Development Canada (ESDC) is upgrading their Human Capital Management (HCM) system, PeopleSoft from version 9.1 to version 9.2. This will allow for ESDC to leverage latest functions like advanced data analytics, mobile capability and higher accessibility standards.

Need for privacy impact assessment (PIA)

The Privacy Management Division completed this addendum to the Enabling Services Renewal Program (ESRP) – myEMS (PeopleSoft) Privacy Impact Assessment of 2015 was necessary to address this upgrade, new collection, new use of personal information for administrative purposes address any privacy concerns.

More information

The addendum focused on the changes in the new version of PeopleSoft, the supporting IT systems, and relevant privacy tools such as Privacy Notice Statements and Personal Information Banks.

The PIA has identified 2 compliance issues associated with the upgrade of PeopleSoft 9.1 to 9.2. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


Hosted Contact Centre Solution (HCCS): WAVE 2 - Privacy Analysis for IT Solution- May 2021

Description of program/activity

The Hosted Contact Centre Solution (HCCS) is a government-wide, hosted, services-based contact center technology solution acquired by Shared Services Canada (SSC) to replace the many aging and diverse departmental contact centre technologies throughout the Government of Canada.

Need for privacy analysis for IT solutions (PAITS)

The Privacy Management Division completed the PAITS because a new IT solution is a major change to existing contact center practices and to identify privacy risks related to Wave 2 of HCCS.

More information

The PAITS focused on Wave 2 of HCCS, which includes the addition of the 2 remaining contact centers: the National Identity Services (NIDS) and the Regional Enquiry Units (REUs). The PAITS adds to the already completed PAITS on Wave 1 of HCCS June 2019.

The PAITS identified 1 medium risk. The strategy to address this risk is scheduled for completion before the end of the 2021 to 2022 fiscal year.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


Implementation of Adobe Target on Canada.ca - Privacy Analysis for IT Solutions – May 2021

Description of program/activity

Service Canada is responsible for Canada.ca, which applied Adobe Target to its webpages on December 11, 2020. Adobe Target is a web software used to personalize website visitors’ experiences.

Need for the privacy analysis for IT solutions (PAITS)

The Privacy Management Division completed this PAITS to examine the privacy risks and strategies related to the management and protection of personal information collected by Adobe Target. This PAITS also focused on the Authority to Operate of the Principal Publisher, Adobe’s policies, Adobe Target’s interaction with Adobe Analytics (a web analytics software) and the Adobe Experience Cloud (a collection of web analytics-related software).

More information

The PAITS identified 1 insignificant and 3 low risks. In addition, there were 4 compliance issues. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


Integrated Labour System (ILS) Employer’s Annual Hazardous Occurrence Reports - Privacy Analysis for IT Solutions– May 2021

Description of program/activity

ESDC’s Labour Program oversees federal labour responsibilities, including the facilitation of compliance with labour laws and Canadian labour standards. Each year, all federally regulated employers submit an Employer’s Annual Hazardous Occurrence Reports (EAHOR) to the Minister of Labour. Annually, EAHOR records the total number of fatalities, accidents, occupational diseases and other hazardous occurrences in a workplace. The Labour program uses the Integrated Labour System (ILS) to administer EAHOR as part of the modernization of its operating environment.

Need for privacy analysis for IT solutions (PAITS)

Privacy Management Division (PMD) completed this privacy analysis as part of multiple privacy analysis that the Labour program will complete on ILS. This identifies the privacy issues and risks associated with the use of personal information for EAHOR within ILS.

More information

This PAITS focused on the collection and use of personal information of employees submitting the EAHOR report. The analysis has identified 1medium risk, 2 low risks and 2 compliance issues associated with the ILS system. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


Record of Employment Comment (ROEC) - Privacy Analysis for IT Solutions – May 2021

Description of program/activity

A Record of Employment (ROE) provides information on employment history. The information on the ROE is used to decide if a person is eligible to collect Employment Insurance (EI) benefits, what the benefit amount will be, for how long the benefits will be paid and to make sure that no one misuses or gets benefits by mistake. Some ROEs online have free text comments. The ROEC tool automates the review of the ROE text comment field using machine learning and confirms or updates the Reason for Separation in the ROE.

Need for privacy analysis for IT Solutions (PAITS)

Privacy Management Division completed the PAITS because the ROEC automates the review of the ROE Comments. The information from the ROE comment field helps decide EI benefits.

The assessment identifies the privacy risks and provides strategies to address the ones related to handling and protecting individuals’ personal information.

More information

The PAITS identified 1 medium risk and 1 compliance issue. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


Service Canada Compliance Verification Service for the Public Health Agency of Canada during COVID-19 Pandemic (Privacy Compliance Evaluation – May 2021)

Description of program/activity

The Service Canada Compliance Verification Service for the Public Health Agency of Canada (PHAC) during the COVID-19 pandemic was changed to help PHAC contact more travelers. Employment and Social Development Canada (ESDC) and Service Canada continue to provide service delivery for PHAC’s COVID-19 Quarantine Compliance Campaign with changes to the services.

Need for privacy compliance evaluation (PCE)

The Privacy Management Division completed the PCE because ESDC/Service Canada is collecting and handling travelers’ personal information to verify if they are following the guidelines for travelers.

The assessment identifies the privacy risks and provides strategies to address the ones related to handling and protecting travelers’ personal information.

More information

This PCE identified 1 medium, 2 low risks, and 2 compliance issues. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

June

Canada Student Financial Assistance Program use of Simplified Digital Identity Validation - Privacy Analysis- June 2021

Description of program/activity

The Canada Student Financial Assistance (CSFA) Program’s use of Simplified Digital Identity Validation (SDIV) solution will deliver real-time multi-factor authentication that improves Employment and Social Development Canada (ESDC)’s Enterprise Cyber Authentication Service (ECAS). ECAS provides Registration and Authentication services for the National Student Loans Service Centre (NSLSC) account. The SDIV will be another solution for users who have forgotten the answers to their security questions and have locked themselves out of their account.

Need for privacy analysis

Privacy Management Division completed the Privacy Analysis to identify the privacy risks and provide strategies to address handling CSFA Program users’ personal information to authenticate those users.

More information

The Privacy Analysis identified 3 medium risks and 1 compliance issue. The strategies to address the risks and the issue related to the handling of CSFA Program users’ personal information are scheduled for completion by June 30, 2022.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


COVID-19 One-Time Tax-Free Payment for Seniors - Privacy impact assessment – June 2021

Description of program

In July 2020, the Government of Canada provided financial support for a one-time tax-free payment of $300 for Canadians aged 65 and over eligible for the Old Age Security (OAS). An additional $200 for seniors who receive the Old Age Security and Guaranteed Income Supplement (GIS). This helped seniors cover the additional costs caused by the COVID-19 pandemic.

Need for privacy impact assessment (PIA)

Privacy Management Division completed this PIA to identify privacy risks related to the collection, use and handling of personal information for clients receiving this payment.

More information

The PIA identified 2 medium risks and 2 compliance issues. The strategies to address these risks and compliance issues are scheduled for completion by June 2022.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


MyAlberta Digital Identity (MADI) Agreement - privacy impact assessment Addendum – June 2021

Description of program/activity

The MyAlberta Digital Identity (MADI) Trusted Digital Identity (TDI) Agreement negotiated between Employment and Social Development Canada (ESDC), the Canada Employment Insurance Commission (CEIC) and Service Alberta. The Agreement continues to provide the residents of Alberta access to My Service Canada Account (MSCA). The long-term TDI Agreement replaces the 2-year pilot Information Sharing Agreement (ISA) that came into effect in August 2019 to 2021.

Need for privacy impact assessment (PIA) addendum

The Privacy Management Division completed the Addendum to identify the privacy risks and provide strategies for those risks. The Addendum is needed because ESDC/CEIC is collecting and handling MSCA personal information for residents of Alberta to confirm their identities.

More information

The December 2019 privacy impact assessment (PIA) for the MADI pilot remains valid. The Addendum only assesses the changes related to the MADI transition.

The PIA Addendum identified 1 low, 1 medium risk and 2 compliance issues. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

July

Canada Emergency Student Benefit - Privacy impact assessment – July 2021

Description of program/activity

Employment and Social Development Canada (ESDC) and Canada Revenue Agency (CRA) collaborated to complete this multi-institutional privacy impact assessment (PIA). The Canada Emergency Student Benefit (CESB); established in May 2020 provides financial support to students whose income was affected by the COVID-19 pandemic.

Need for privacy impact assessment (PIA)

The Privacy Management Division completed this PIA to identify privacy risks associated with the collection of personal information from CESB applicants and the use of their personal information.

More information

The assessment examined the privacy risks and associated mitigations related to the management and protection of personal information collected by the CESB Program.

The PIA identified 4 low privacy risks, and 5 associated compliance issues. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


COVID-19 One-Time Non-Taxable Payment to Persons with Disabilities (Privacy impact assessment – July 2021)

Description of program

In June 2020, the Government of Canada provided financial support for a one-time non-taxable payment of up to $600 for persons with disabilities. Payments were received in October 2020, January 2021, or April 2021.

Need for privacy impact assessment (PIA)

The Privacy Management Division completed a privacy impact assessment (PIA) to identify privacy risks associated with the collection, use and handling of personal information for clients receiving this payment.

More information

The PIA identified 1 low risk, 1 medium risk and 2 compliance issues. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

October

Canada Education Savings Program - Analytical and Monitoring Solution – Privacy Analysis for IT Solutions – October 2021

Description of Activity

ESDC’s Canada Education Savings Program (CESP) uses 2 interactive databases: the Reporting Database (RDB) and the Canada Education Savings Grant Online Transactional Processing (CESG OLTP) Database. The current RDB is inadequate in meeting the needs for data analytics and performance measurements. Hence, CESP intends to replace the RDB with an Analytical and Monitoring Solution (AMS), Cognos Analytics software (currently version 11).

Need for Privacy Analysis for IT Solutions (PAITS)

Privacy Management Division (PMD) completed a PAITS to identify the privacy risks associated with the project. The replacement of RDB with Cognos will introduce a new database and relocation of personal information. As a result, a PAITS was conducted to assess the privacy risks and issues.

More information

This PAITS focused on building the AMS, aligning the technology with departmental standards, replace the RDB and adopt essential training and management of the new solution.

The PAITS identified 2 low and 1 medium risks. The strategies to address these risks are scheduled for completion by June 2022.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


Security Screening Intake Process Simplification (SSIPS) Project - Privacy Analysis for IT Solutions – October 2021

Description of program/activity

The Security Screening Intake Process Simplification (SSIPS) Project is a commitment under Employment and Social Development Canada’s (ESDC) Integrity Service Branch. ESDC will use Transport Canada’s platform to use the Appian solution to process security clearance for employees.

Need for Privacy Assessment for IT Solutions

Privacy Management Division completed a Privacy Analysis for IT Solutions (PAITS) to identify the privacy risks related to collection, use and handling of personal information received from applicants to process their security clearance for work.

More information

This PAITS focused on the first release of this project, which involves 3 sub-processes (Power App, Appian and GC Notify) of the application intake process. Subsequent privacy assessments will be completed for future related releases.

The PAITS identified 3 low risks 1 medium risk, and 3 compliance issues. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

December

Employment Insurance Workload Efficiency and Process Improvement (EIWEPI) Project (PAITS – December 2021

Description of program/activity

The Employment Insurance Workload Efficiency and Process Improvement (EIWEPI) project seeks to address workload challenges by implementing efficiencies. Improvements in process will ensure Service Canada is fulfilling client expectations in maintaining Employment Insurance (EI) Service Standards. This work includes enhancing the client service experience.

Need for Privacy Assessment for IT Solutions (PAITS)

The Privacy Management Division completed this PAITS to identify privacy risks because the project works with systems that hold and handle sensitive personal information.

More information

The PAITS identified 3 low risks and 2 medium risks related to safeguarding. There were no compliance issues identified. The strategies to address these risks and issues are scheduled for completion by March 2024.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


Exchange of personal information on offenders between Employment and Social Development Canada and Correctional Services Canada for the administration of the Employment Insurance Emergency Response Benefit – Privacy Compliance Evaluation - December 2020

Description of program/activity

The Department of Employment and Social Development Canada (ESDC) and the Canada Employment Insurance Commission (CEIC) are to administer the Employment Insurance Emergency Response Benefit (EI ERB) Program to help protect Canadians and the economy from the impacts of the global COVID-19 pandemic. As a result, a set of measures were designed to provide immediate income support to Canadians.

Need for a privacy compliance evaluation (PCE)

The Privacy Management Division completed the EI ERB, which is considered an urgent COVID-related initiative. Due to the sensitivity of the personal information collected from Correctional Services Canada, a PCE was done. It examines the privacy risks related to the management and protection of personal information involved in the collection, use and data matching activities to determine eligibility for the EI ERB.

More information

The PCE identified 1 low level risk and 2 medium level risks. The risks are in the process of being mitigated.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

March

eSIN Public Trustee Portal (ePTP) Privacy Analysis for IT Solutions – March 2021

Description of program/activity

The Electronic Public Trustee Portal (ePTP) initiative under Employment and Social Development Canada (ESDC)’s Integrity Services Branch’s Identity Policy and Program Directorate (IPPD) will allow Public Trustees (PTs) across Canada to apply or request confirmation of a Social Insurance Number, and request data elements within the Social Insurance Register (SIR) of individuals who are served by those trustees.

Need for a privacy analysis for IT solutions (PAITS)

The Privacy Management Division completed this PAITS to identify any risks and ensure privacy protection measures were considered in the collection of personal information.

More information

This PAITS focused on the web-based application process by PTs using the eSIN application solution and the new portal (ePTP). The analysis focused on the enhancement of the web-based portal for PTs and the transmission of information from ESDC to PTs.

The PAITS identified 2 medium risks, 1 low risk, and 2 compliance issues. The strategies to address these risks and issues are scheduled for completion by Fall 2022.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)


One-Time Non-Taxable Grant for Guaranteed Income Supplement Recipients Who Received Pandemic Benefits in 2020 - Issuance of Payments to Clients in Dire Need - Privacy impact assessment – March 2022

Description of program/activity

The Guaranteed Income Supplement (GIS) recipients who are in dire need experiencing a loss or reduction to their GIS benefit due to COVID-19 pandemic are eligible for this $200 One-Time Payment.

Need for Privacy impact assessment (PIA)

Privacy Management Division completed this PIA to identify the privacy risks related to the collection, use, disclosure, and handling of personal information for clients receiving this payment.

More information

This PIA focused on the information provided by the Benefits and Integrated Services Branch (BISB), the Income Security and Social Development Branch (ISSDB) and the Innovation, Information and Technology Branch (IITB) as of March 2022 involved with the administration of this One-Time Payment.

The PIA identified 4 medium-level risks, and 1 compliance issue. The strategies to address these risks and issues are scheduled for completion by March 31, 2023.

In order to have access to this privacy product, please contact: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca)

Page details

Date modified: