Privacy Impact Assessment (PIA) Summary: Council of Newcomers

Lead Government Institution

Immigration, Refugees and Citizenship Canada (IRCC)

Name of the Program/Activity

Council of Newcomers

Legal Authority

Depending on the composition of the Council and the nature of the conversations, collection of personal information may be related to particular immigration/refugee programs, citizenship programs, and/or passport programs.

Relevant authorities include:

Description of the program or activity

In February 2023, IRCC initiated a Strategic Immigration Review to gather input on a collaborative vision for Canada’s immigration system. During the review process, there was significant interest from participating individuals and organizations in engaging with senior officials at IRCC. One participant suggested that creating an advisory council comprised of immigrants and newcomers would be a valuable way to include their perspectives in ongoing discussions about the future of the immigration system. 

The Council of Newcomers is a new initiative that will bring together up to 12 immigrants who came to Canada in the past ten years and have lived experience of Canada’s immigration system. The Council will convene approximately through in-person and virtual meetings and report to IRCC’s Deputy Minister. During meetings, Council members will be invited to share their views, ideas, and experiences on various immigration-related topics on a voluntary and non-attributional basis.

As the Council is formed and begins operations, personal information may be formally or informally collected in three key areas:

This is not a multi-institutional PIA, as personal information will not be shared outside IRCC.

Personal Information Banks

Summary of Risk Identification and Categorization

Below is the risk identification and categorization table corresponding to this initiative.

a) Type of program or activity Risk scale
Program or activity that does not involve a decision about an identifiable individual Checkbox: unchecked ☐ 1
Administration of program or activity and services Checkbox: checked ☒ 2
Compliance or regulatory investigations and enforcement Checkbox: unchecked ☐ 3
Program or activity does involve a decision about an identifiable individuals Checkbox: unchecked ☐ 4
Criminal investigation and enforcement or national security Checkbox: unchecked ☐ 5
b) Type of personal information involved and context Risk scale
Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the individual's consent for disclosure under an authorized program. Checkbox: unchecked ☐ 1
Personal information, with no contextual sensitivities after the time of collection, is provided by the individual with consent to use personal information held by another source. Checkbox: unchecked ☐ 2
Personal information of minors. legally incompetent individuals or involving a representative acting on behalf of the individual. Checkbox: unchecked ☐ 3
Social Insurance Number, medical, financial, or other sensitive personal information or the context surrounding the personal information is sensitive; Checkbox: checked ☒ 4
Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples, or the context surrounding the personal information, is particularly sensitive Checkbox: unchecked ☐ 5
c) Program or activity partners and private sector involvement Risk scale
Within the institution (among one or more programs within the same institution) Checkbox: checked ☒ 1
With other government institutions Checkbox: unchecked ☐ 2
With other institutions or a combination of federal, provincial, territorial, and municipal governments Checkbox: unchecked ☐ 3
Private sector organizations Checkbox: unchecked ☐ 4
International organizations or foreign governments Checkbox: unchecked ☐ 5
d) Duration of the program or activity Risk scale
One-time program or activity Checkbox: unchecked ☐ 1
Short–term program or activity Checkbox: checked ☒ 2
Long-term program or activity Checkbox: unchecked ☐ 5
e) Program population Risk scale
The program's use of personal information for internal administrative purposes affects certain employees. Checkbox: unchecked ☐ 1
The program's use of personal information for internal administrative purposes affects all employees. Checkbox: unchecked ☐ 2
The program's use of personal information for external administrative purposes affects specific individuals. Checkbox: checked ☒ 4
The program's use of personal information for external administrative purposes affects all individuals. Checkbox: unchecked ☐ 5
f) Technology and privacy (A YES response indicates the potential for privacy concerns and risks, which will require consideration and, if necessary, mitigation). Risk scale
Does the new or substantially modified program or activity involve implementing a new electronic system or using an emerging technology to support the program or activity in terms of creating, collecting, or handling personal information? Checkbox: unchecked ☐ Yes
Checkbox: checked ☒ No
Does the new or substantially modified program or activity require any modifications to information technology (IT) legacy systems? Checkbox: unchecked ☐ Yes
Checkbox: checked ☒ No

Specific technological issues and privacy

Does the new or substantially modified program or activity involve the implementation of new technologies or one or more of the following activities:
Checkbox: unchecked ☐ enhanced identification and matching methods
Checkbox: unchecked ☐ enhanced data collection methods use or disclosure of personal information
Checkbox: unchecked ☐ surveillance interjurisdiction or trans-border sharing of personal information
Checkbox: unchecked ☐ use of Artificial Intelligence technology for automated personal information analysis
Checkbox: unchecked ☐ personal information matching, and knowledge discovery techniques.

Checkbox: unchecked ☐ Yes
Checkbox: checked ☒ No
g) Personal information transmissionty Risk scale
The personal information is used within a closed system (i.e., no connections to the Internet, Intranet, or any other system, and the circulation of hardcopy documents is controlled). Checkbox: unchecked ☐ 1
The personal information is used in a system with connections to at least one other system. Checkbox: unchecked ☐ 2
The personal information is transferred to a portable device (i.e., USB key, diskette, laptop computer), transferred to a different medium, or printed. Checkbox: unchecked ☐ 3
The personal information is transmitted using wireless technologies. Checkbox: checked ☒ 4
The personal information is transmitted through a Cloud service. Checkbox: unchecked ☐ 5

Summary of Risks and Mitigation Strategies

It is assessed that the probability of privacy risks associated with the Council of Newcomers is generally low, and the impacts of unintended privacy breaches are also low.

Potential privacy risks will be mitigated by ensuring that individuals will be duly informed of how their personal information will be used prior to collection and seeking written consent from individuals as and when necessary during any use of their personal information. Additional mitigation measures that will be in place include, but are not limited to, collecting only essential information necessary for enabling Council activities, leveraging electronic processes, and limiting access to personal information based on a need-to-know basis.

There will be a systematic review of existing procedures, including privacy compliance, after each cohort of the Council.  At the same time, IT system access will be monitored and updated regularly as employees join or leave the team.

Page details

Date modified: