Privacy Impact Assessment Summary: Human Resources (HR)-to-Pay Data Warehouse (HPDW)

About the Program

A key initiative of the Immigration, Refugees and Citizenship Canada (IRCC) Phoenix Task Force, the HR-to-Pay Data Warehouse (HPDW) will provide IRCC employees with a consolidated view of their Human Resources (HR) data (e.g. Personal Record Identifier #, annual salary, pensionable start date), compensation and pay case information through a personalized “Employee Statement”. The HPDW will also enable a Manager Dashboard providing an aggregated view of their team’s information and a Metrics Dashboard containing insightful performance metrics. It is worth noting that of the 40+ initiatives reviewed by IRCC leadership, the Employee Statement was identified as one of the highest priority initiatives, including by the Joint Union-Management Phoenix (JUMP) Committee.

Scope of the PIA

This PIA covers:

  1. The acquisition of IRCC employee HR, compensation and pay case data sources to the IRCC Enterprise Data Warehouse;
  2. IRCC employee access to online display of their own HR, compensation and pay case information (i.e. Employee Statement);
  3. IRCC manager access to online display of aggregate employee data for the members of their team (i.e. Manager Dashboard); and
  4. IRCC corporate access to online display of aggregate metrics related to HR, compensation and pay case processing.

Summary of Privacy Issues and Mitigation Strategies

The privacy impact assessment has identified the following privacy risks:

Privacy issue Risk Mitigation strategy
1. Inaccurate data For the Employee Statement (Phase I), there is a risk that the data presented will be inaccurate and/or that such inaccuracies will cause employee confusion or unnecessary anxiety. This risk will be mitigated by piloting the Employee Statement to a subset of IRCC employees, and amending the data as necessary based on pilot project feedback.
2. Usage or disclosure of personal information For the Manager Dashboard (Phase II), there is a risk that managers/supervisors who access employees’ personal information may disclose or use it for personal purposes
  • Using security mechanisms to limit access to authorized users and set permissions;
  • The Oath of Employment signed by IRCC employees;
  • Standard manager/supervisor training on privacy and responsibilities; and
  • Communications planned for the Manager Dashboard will remind users of their responsibilities including appropriate use of data, employee privacy and confidentiality.
3. Any issues during rollout or operation There is a risk of damage to IRCC’s reputation or employee trust if issues are encountered in the rollout or operation of the HPDW and its Statements. This risk is mitigated by piloting the Statements to a subset of users to help identify and resolve issues up front, before full implementation. The IRCC-wide implementation is planned as a phased rollout to allow for immediate response to any issues encountered during the rollout phase.

The Transformation and Digital Solutions Sector (TDSS) is undertaking a security assessment and authorization (SA&A) process and any recommendations made throughout that process will be addressed. IT Security, IT Operations Branch, TDSS, assessments were completed and rated the HPDW as a low risk to the Department overall.

Page details

Date modified: