Immigration, Refugees and Citizenship Canada

Privacy Impact Assessment (PIA) summary: Pilot of an online passport application solution

Description of the program or activity

In December 2020, Immigration, Refugees and Citizenship Canada (IRCC) initiated a competitive process and awarded a contract to IBM to develop and test an Amazon Web Services (AWS) cloud-based web forms application called the “Solution” to facilitate online passport applications. While the Solution was designed to support all types of Canadian Travel Document (TD) applications, its initial deployment was limited to simplified renewal applications submitted within Canada. These renewal applications involve fewer processing steps and are straightforward.

A Privacy Impact Assessment (PIA) was conducted to assess privacy risks for the IBM-developed Solution and IRCC’s pilot deployment of the online passport application tool. The pilot group for this initiative consisted of clients with an established passport history and verifiable biometrics (photographs) in the passport issuance system.

The pilot allowed participants to submit an application with digital photographs within a controlled live environment. Applicants could interact with the Solution, enabling the Program to study client behavior in a digital setting. It also enabled the Program to establish an initial baseline for requirements, and refine as needed to support the future development of online services to all passport clients.

Following completion of the pilot, it was determined that the project would be decommissioned, therefore, it was not implemented to the general public.

Why a privacy impact assessment was completed

The Privacy Impact Assessment  was conducted in accordance with section C.2.2.9.2.1 of the Directive on Privacy Practices, which requires a PIA be completed when substantial modifications are made to an existing program or activity that uses personal information for administrative purposes and involves the use of new technology. This assessment was triggered by the introduction of an AWS Cloud-based webforms application developed by IBM, which represents a significant technological shift from traditional mail-in renewal applications.

Personal Information Banks

• Regular and Official Passports (PPU 081)

Summary of Risks and Mitigation Strategies

The PIA identified four low risks and offered mitigation strategies accordingly.

Risk 1

There was a risk that the future deployment of a passport online solution would increase the web presence of misrepresentation businesses or businesses targeting applicant data for identity theft or other criminal purposes.

Mitigation

In developing future procedures, integrity activities, and the online solution itself, it was recommended that IRCC consider the potential ramifications of misrepresentation and scam websites on the Canadian Public. Where possible, IRCC should consider processes and activities to protect the integrity of the Passport Program and the personal information of Canadians applying online for a passport. The mitigation measure was not implemented as the solution was decommissioned and was never implemented to the general public.

Risk 2

There was a risk that pilot participant data would be stored on the AWS server longer than is necessary. No retention and disposal timeline has been assigned to the data stored on the AWS server. This risk also extended to the MS Excel spreadsheet which would be created to track interested participants throughout the lifecycle of their participation in the pilot. Data on the spreadsheet was minimal and considered very low risk.

Mitigation

It was recommended that a retention and disposal schedule be assigned to AWS and the GCdocs location where pilot participant data would be stored. Furthermore, it was recommended that  disposal activities occur as required by that schedule. The mitigation measure was not implemented as the solution was decommissioned and was never implemented to the general public.

Risk 3

There was a risk that this PIA did not assess the contract clauses of the Government of Canada’s overarching Protected B cloud storage service against privacy requirements in the TBS Directive on Privacy Practices.

Mitigation

It was recommended that IRCC consider reviewing the contract to determine if there were any risks related to the overarching contract which would impact the PDS solution. IRCC accepted this risk for the pilot and would review the contract prior to broader deployment to the public. The mitigation measure was not implemented as the solution was decommissioned and was never implemented to the general public.

Risk 4

There was a risk that the Passport Program would record the pilot participant’s use of the online application tool without proper notice to the individual.

Mitigation

It was recommended that a notice be placed within the tool (prior to recording) if the PDS Pilot chooses to record users use of the online application. The mitigation measure was not implemented as the solution was decommissioned and was never implemented to the general public.