Review and benchmarking of privacy management: chapter 5

4. Conclusion

Overall, the review confirmed that the required policies and processes for privacy management are in place and conform essentially to all elements of the Treasury Board (TB) Policy on Privacy Protection. ECCC’s Privacy Policy Framework documents roles and responsibilities and guidance such as related to Privacy Impact Assessment (PIA) and the Breach Protocol processes.  The review confirmed that personal information for staffing and procurement activities is being collected only for the purpose of the specific programs.

However, the review has identified two areas for improvement: guidance on the processes related to the collection of Social Insurance Numbers (SIN) and the monitoring of Privacy Impact Assessments (PIA).