Privacy Impact Assessment Summary: Human Resources (HR)-to-Pay Data Warehouse (HPDW)
About the Program
A key initiative of the Immigration, Refugees and Citizenship Canada (IRCC) Phoenix Task Force, the HR-to-Pay Data Warehouse (HPDW) will provide IRCC employees with a consolidated view of their Human Resources (HR) data (e.g. Personal Record Identifier #, annual salary, pensionable start date), compensation and pay case information through a personalized “Employee Statement”. The HPDW will also enable a Manager Dashboard providing an aggregated view of their team’s information and a Metrics Dashboard containing insightful performance metrics. It is worth noting that of the 40+ initiatives reviewed by IRCC leadership, the Employee Statement was identified as one of the highest priority initiatives, including by the Joint Union-Management Phoenix (JUMP) Committee.
Scope of the PIA
This PIA covers:
- The acquisition of IRCC employee HR, compensation and pay case data sources to the IRCC Enterprise Data Warehouse;
- IRCC employee access to online display of their own HR, compensation and pay case information (i.e. Employee Statement);
- IRCC manager access to online display of aggregate employee data for the members of their team (i.e. Manager Dashboard); and
- IRCC corporate access to online display of aggregate metrics related to HR, compensation and pay case processing.
Summary of Privacy Issues and Mitigation Strategies
The privacy impact assessment has identified the following privacy risks:
Privacy issue | Risk | Mitigation strategy |
---|---|---|
1. Inaccurate data | For the Employee Statement (Phase I), there is a risk that the data presented will be inaccurate and/or that such inaccuracies will cause employee confusion or unnecessary anxiety. | This risk will be mitigated by piloting the Employee Statement to a subset of IRCC employees, and amending the data as necessary based on pilot project feedback. |
2. Usage or disclosure of personal information | For the Manager Dashboard (Phase II), there is a risk that managers/supervisors who access employees’ personal information may disclose or use it for personal purposes |
|
3. Any issues during rollout or operation | There is a risk of damage to IRCC’s reputation or employee trust if issues are encountered in the rollout or operation of the HPDW and its Statements. | This risk is mitigated by piloting the Statements to a subset of users to help identify and resolve issues up front, before full implementation. The IRCC-wide implementation is planned as a phased rollout to allow for immediate response to any issues encountered during the rollout phase. |
The Transformation and Digital Solutions Sector (TDSS) is undertaking a security assessment and authorization (SA&A) process and any recommendations made throughout that process will be addressed. IT Security, IT Operations Branch, TDSS, assessments were completed and rated the HPDW as a low risk to the Department overall.
Page details
- Date modified: