Privacy Impact Assessment (PIA) Summary: Council of Newcomers
Lead Government Institution
Immigration, Refugees and Citizenship Canada (IRCC)
Name of the Program/Activity
Council of Newcomers
Legal Authority
Depending on the composition of the Council and the nature of the conversations, collection of personal information may be related to particular immigration/refugee programs, citizenship programs, and/or passport programs.
Relevant authorities include:
- The Department of Citizenship and Immigration Act
- section 4
- The Immigration and Refugee Protection Act,
- sections 12, 22(1) and 95(1), as well as sections 3(1)(a)-(j) and S.3(2)(a)-(h)
- The Citizenship Act
- sections 3(1) and 5(1);
- the passport program, which exists under the Royal prerogative and includes the Canadian Passport Order
Description of the program or activity
In February 2023, IRCC initiated a Strategic Immigration Review to gather input on a collaborative vision for Canada’s immigration system. During the review process, there was significant interest from participating individuals and organizations in engaging with senior officials at IRCC. One participant suggested that creating an advisory council comprised of immigrants and newcomers would be a valuable way to include their perspectives in ongoing discussions about the future of the immigration system.
The Council of Newcomers is a new initiative that will bring together up to 12 immigrants who came to Canada in the past ten years and have lived experience of Canada’s immigration system. The Council will convene approximately through in-person and virtual meetings and report to IRCC’s Deputy Minister. During meetings, Council members will be invited to share their views, ideas, and experiences on various immigration-related topics on a voluntary and non-attributional basis.
As the Council is formed and begins operations, personal information may be formally or informally collected in three key areas:
- Application: To identify, screen, and assess applicants for council member positions, including a reference check and immigration background check;
- Council activities: Facilitate participation in meetings and activities (e.g., members may share their immigration experiences, feedback, or views during meetings) and
- Reimbursements: Process travel and accommodation reimbursements.
This is not a multi-institutional PIA, as personal information will not be shared outside IRCC.
Personal Information Banks
Summary of Risk Identification and Categorization
Below is the risk identification and categorization table corresponding to this initiative.
| a) Type of program or activity | Risk scale |
|---|---|
| Program or activity that does not involve a decision about an identifiable individual | Checkbox: unchecked ☐ 1 |
| Administration of program or activity and services | Checkbox: checked ☒ 2 |
| Compliance or regulatory investigations and enforcement | Checkbox: unchecked ☐ 3 |
| Program or activity does involve a decision about an identifiable individuals | Checkbox: unchecked ☐ 4 |
| Criminal investigation and enforcement or national security | Checkbox: unchecked ☐ 5 |
| b) Type of personal information involved and context | Risk scale |
|---|---|
| Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the individual's consent for disclosure under an authorized program. | Checkbox: unchecked ☐ 1 |
| Personal information, with no contextual sensitivities after the time of collection, is provided by the individual with consent to use personal information held by another source. | Checkbox: unchecked ☐ 2 |
| Personal information of minors. legally incompetent individuals or involving a representative acting on behalf of the individual. | Checkbox: unchecked ☐ 3 |
| Social Insurance Number, medical, financial, or other sensitive personal information or the context surrounding the personal information is sensitive; | Checkbox: checked ☒ 4 |
| Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples, or the context surrounding the personal information, is particularly sensitive | Checkbox: unchecked ☐ 5 |
| c) Program or activity partners and private sector involvement | Risk scale |
|---|---|
| Within the institution (among one or more programs within the same institution) | Checkbox: checked ☒ 1 |
| With other government institutions | Checkbox: unchecked ☐ 2 |
| With other institutions or a combination of federal, provincial, territorial, and municipal governments | Checkbox: unchecked ☐ 3 |
| Private sector organizations | Checkbox: unchecked ☐ 4 |
| International organizations or foreign governments | Checkbox: unchecked ☐ 5 |
| d) Duration of the program or activity | Risk scale |
|---|---|
| One-time program or activity | Checkbox: unchecked ☐ 1 |
| Short–term program or activity | Checkbox: checked ☒ 2 |
| Long-term program or activity | Checkbox: unchecked ☐ 5 |
| e) Program population | Risk scale |
|---|---|
| The program's use of personal information for internal administrative purposes affects certain employees. | Checkbox: unchecked ☐ 1 |
| The program's use of personal information for internal administrative purposes affects all employees. | Checkbox: unchecked ☐ 2 |
| The program's use of personal information for external administrative purposes affects specific individuals. | Checkbox: checked ☒ 4 |
| The program's use of personal information for external administrative purposes affects all individuals. | Checkbox: unchecked ☐ 5 |
| f) Technology and privacy (A YES response indicates the potential for privacy concerns and risks, which will require consideration and, if necessary, mitigation). | Risk scale |
|---|---|
| Does the new or substantially modified program or activity involve implementing a new electronic system or using an emerging technology to support the program or activity in terms of creating, collecting, or handling personal information? | Checkbox: unchecked ☐ Yes Checkbox: checked ☒ No |
| Does the new or substantially modified program or activity require any modifications to information technology (IT) legacy systems? | Checkbox: unchecked ☐ Yes Checkbox: checked ☒ No |
Specific technological issues and privacy Does the new or substantially modified program or activity involve the implementation of new technologies or one or more of the following activities: |
Checkbox: unchecked ☐ Yes Checkbox: checked ☒ No |
| g) Personal information transmissionty | Risk scale |
|---|---|
| The personal information is used within a closed system (i.e., no connections to the Internet, Intranet, or any other system, and the circulation of hardcopy documents is controlled). | Checkbox: unchecked ☐ 1 |
| The personal information is used in a system with connections to at least one other system. | Checkbox: unchecked ☐ 2 |
| The personal information is transferred to a portable device (i.e., USB key, diskette, laptop computer), transferred to a different medium, or printed. | Checkbox: unchecked ☐ 3 |
| The personal information is transmitted using wireless technologies. | Checkbox: checked ☒ 4 |
| The personal information is transmitted through a Cloud service. | Checkbox: unchecked ☐ 5 |
Summary of Risks and Mitigation Strategies
It is assessed that the probability of privacy risks associated with the Council of Newcomers is generally low, and the impacts of unintended privacy breaches are also low.
Potential privacy risks will be mitigated by ensuring that individuals will be duly informed of how their personal information will be used prior to collection and seeking written consent from individuals as and when necessary during any use of their personal information. Additional mitigation measures that will be in place include, but are not limited to, collecting only essential information necessary for enabling Council activities, leveraging electronic processes, and limiting access to personal information based on a need-to-know basis.
There will be a systematic review of existing procedures, including privacy compliance, after each cohort of the Council. At the same time, IT system access will be monitored and updated regularly as employees join or leave the team.
Page details
- Date modified: