Privacy Impact Assessment Summary: Elections Canada's National Register of Electors Immigration, Refugees and Citizenship Canada Data Transfers (New Citizens and Loss of Citizenship Data)
Lead Government Institutions
Elections Canada (EC) and Immigration, Refuges and Citizenship Canada (IRCC)
Legal Authority
- EC: Subsections 44(1), (2) and (3); 46(1), (1.1) and (2); 52(1), (1.1) and (2); and sections 53 and 54 of the Canada Elections Act
- IRCC: Section 26.3 and subsections 26.4(1) and (2) of the Citizenship Regulations
Description of the program/activity
This is an addendum to the Privacy Impact Assessment (PIA) pertaining to Elections Canada's National Register of Electors Immigration, Refugees and Citizenship Canada data transfers for the new citizens and loss of citizenship data.
The PIA is an update to an existing program between EC and IRCC.
The EC’ National Register for Electors (NROE) is the permanent, continually updated database of Canadians who are eligible to vote in federal elections and referendums. It contains the family name, given name, gender, date of birth, Canadian residential address and Canadian mailing address for some 26 million electors along with a unique identifier to help track changes to the elector's record. EC uses the information in the NROE to create preliminary lists of electors at the beginning of federal elections and referendums. The preliminary elector list data is used to mail voter information cards to electors telling them where and when to vote and is given to candidates and political parties. In addition, the Canada Elections Act (CEA) requires EC to provide lists of electors to members of Parliament and registered political parties by the 15th of November each year, if there has not been a federal election in the last six months. The CEA also allows EC to enter into agreements with provincial and territorial electoral bodies to provide data from the NROE for use at their elections.
As well, it was noted after the first transfer that IRCC's Permanent Residents (PR) and Foreign Nationals (FN) data was originally extracted from their Global Case Management System (GCMS), which was introduced in 2009. However, IRCC’s older immigration database, the Field Operation Support System (FOSS) also contains information on PRs and FNs in Canada. As such, EC requested a one-time extract from the FOSS database once a quality assurance process and script review were completed. FOSS is now read-only, meaning a one-time extract should suffice.
It should be noted that there is no impact on the MOU or the PIA regarding FOSS data provision as the same data elements are shared with EC.
There will be a two-way sharing mechanism allowing both institutions to prevent future sharing issues, ensuring that only data that can or should be shared with EC is shared. This helps IRCC update their data accordingly. It also allows EC to prepare a list of potential cases to refer for investigations if individuals not eligible vote. This prevents errors in that regard.
For the post-GE validation, in the interest of time, the exchange of information has taken place via Shared Services Canada (SSC) Managed Secure File Transfer Service (MSFT) to upload and download the file transfer. This process will continue to apply unless there are large numbers of records that will benefit from transfer using the Secure File Transfer Protocol.
Personal Information Banks
- Voter Registration and Identification – Elections PPU 037
- Application and Assessment for Canadian Citizenship – IRCC PPU 050
Summary of Risk Identification and Categorization
Below is the risk identification and categorization table corresponding to this initiative.
| a) Type of program or activity | Risk scale |
|---|---|
| Program or activity that does NOT involve a decision about an identifiable individual | Checkbox: unchecked ☐ 1 |
| Administration of program or activity and services | Checkbox: unchecked ☐ 2 |
| Compliance or regulatory investigations and enforcement | Checkbox: unchecked ☐ 3 |
| Program or activity DOES involve a decision about an identifiable individuals | Checkbox: checked ☒ 4 |
| Criminal investigation and enforcement or national security | Checkbox: unchecked ☐ 5 |
| b) Type of personal information involved and context | Risk scale |
|---|---|
| Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. | Checkbox: unchecked ☐ 1 |
| Personal information, with no contextual sensitivities after the time of collection, is provided by the individual with consent to also use personal information held by another source. | Checkbox: unchecked ☐ 2 |
| Personal information of minors or of legally incompetent individuals or involving a representative acting on behalf of the individual. | Checkbox: unchecked ☐ 3 |
| Social Insurance Number, medical, financial, or other sensitive personal information or the context surrounding the personal information is sensitive; | Checkbox: checked ☒ 4 |
| Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples, or the context surrounding the personal information, is particularly sensitive | Checkbox: unchecked ☐ 5 |
| c) Program or activity partners and private sector involvement | Risk scale |
|---|---|
| Within the institution (among one or more programs within the same institution) | Checkbox: unchecked ☐ 1 |
| With other government institutions | Checkbox: checked ☒ 2 |
| With other institutions or a combination of federal, provincial, territorial, and municipal governments | Checkbox: unchecked ☐ 3 |
| Private sector organizations | Checkbox: unchecked ☐ 4 |
| International organizations or foreign governments | Checkbox: unchecked ☐ 5 |
| d) Duration of the program or activity | Risk scale |
|---|---|
| One-time program or activity | Checkbox: unchecked ☐ 1 |
| Short–term program or activity | Checkbox: unchecked ☐ 2 |
| Long-term program or activity | Checkbox: checked ☒ 5 |
| e) Program population | Risk scale |
|---|---|
| The program's use of personal information for internal administrative purposes affects certain employees. | Checkbox: unchecked ☐ 1 |
| The program's use of personal information for internal administrative purposes affects all employees. | Checkbox: unchecked ☐ 2 |
| The program's use of personal information for external administrative purposes affects certain individuals. | Checkbox: checked ☒ 4 |
| The program's use of personal information for external administrative purposes affects all individuals. | Checkbox: unchecked ☐ 5 |
| f) Technology and privacy (A YES response indicates the potential for privacy concerns and risks, which will require consideration and, if necessary, mitigation). | Risk scale |
|---|---|
| Does the new or substantially modified program or activity involve implementation of a new electronic system or the use of an emerging technology, to support the program or activity in terms of the creation, collection or handling of personal information? | Checkbox: unchecked ☐ Yes Checkbox: checked ☒ No |
| Does the new or substantially modified program or activity require any modifications to information technology (IT) legacy systems? | Checkbox: unchecked ☐ Yes Checkbox: checked ☒ No |
Specific technological issues and privacy Does the new or substantially modified program or activity involve the implementation of new technologies or one or more of the following activities: enhanced identification and matching methods, enhanced data collection methods use or disclosure of personal information, surveillance interjurisdiction or trans-border sharing of personal information or use of Artificial Intelligence technology for automated personal information analysis, personal information matching, and knowledge discovery techniques. If Yes to any of the above, it indicates the potential for privacy concerns and risks, which will require consideration and possible mitigation. |
Checkbox: unchecked ☐ Yes Checkbox: checked ☒ No |
| g) Personal information transmissionty | Risk scale |
|---|---|
| The personal information is used within a closed system (i.e., no connections to the Internet, Intranet, or any other system, and the circulation of hardcopy documents is controlled). | Checkbox: unchecked ☐ 1 |
| The personal information is used in a system with connections to at least one other system. | Checkbox: unchecked ☐ 2 |
| The personal information is transferred to a portable device (i.e., USB key, diskette, laptop computer), transferred to a different medium, or is printed. | Checkbox: unchecked ☐ 3 |
| The personal information is transmitted using wireless technologies. | Checkbox: unchecked ☐ 4 |
| The personal information is transmitted through a Cloud service. | Checkbox: checked ☒ 5 |
Risk and Mitigation Strategies
The Addendum to the PIA that was conducted for the purpose of data transfers from IRCC to EC has identified a single low risk pertaining to the implementation of the system.
Despite IRCC’s assurance that citizenship applications are unaffected by this decision, young individuals may experience a certain level of pressure to give their consent to be added to the NROE if their parents are giving their own consent to be added, and if they feel their application may be looked upon more favourably.
Given the low likelihood of this potential risk, and the minimal impacts it may have, IRCC does not feel that mitigation measures need to be undertaken.
For the summary of the original Privacy Impact Assessment, please refer to the Privacy Impact Assessment – Elections Canada's National Register of Electors Immigration, Refugees and Citizenship Canada Data Transfers (New Citizens and Loss of Citizenship Data) – Elections Canada.