Executive Summary – Environmental Assessment Delivery, Facilitated by the Environmental Assessment Management System (EAMS)

Government Institution: Canadian Environmental Assessment Agency (the Agency)

Name of Program or Activity: Environmental Assessment Delivery

The Canadian Environmental Assessment Agency (the Agency) conducts environmental assessments (EAs) for major projects. The Agency ensures that high quality EAs are completed in a timely and predictable way, thereby supporting economic growth while preventing or reducing adverse environmental effects. The Agency also provides for the meaningful participation of the public and Indigenous groups. Indigenous consultation obligations are integrated to the greatest extent possible within the federal EA process. As such, the Agency consults with Indigenous groups to assess how each proposed project may adversely impact potential or established Aboriginal or Treaty rights and related interests, and to find ways to avoid or minimize these adverse impacts.

For the purpose of these consultations a certain amount of personal information is collected by the Agency. For example, personal opinions along with the names and contact information of the persons providing those opinions are collected when a public submission is made during an EA process. This personal information must be managed carefully in order to respect privacy concerns. To efficiently manage this information, a new program, the Environmental Assessment Management System (EAMS) was developed. As required for all new or substantially modified programs involving the collection of personal information, a privacy impact assessment (PIA) was conducted for EAMS.

This PIA assesses the risks associated with the collection, use, disclosure and retention of the personal information required in the delivery of the Agency’s EA program. In particular, the PIA documents the use of EAMS to facilitate the EA delivery program and any privacy implications resulting from this use. EAMS is used to manage information and processes related to the projects under assessment by the Agency, and to support EA planning and reporting. EAMS information includes work plans, regulatory timelines, comments submitted by individuals and representatives of groups (such as Indigenous or non-governmental organizations) and issues or potential impacts that are raised during the EA process.

Risk Analysis

The PIA “Risk Area Identification & Categorization” identified five medium and two high risks related to the management of personal information through EAMS. These risks have been addressed by a mitigation strategy involving the following:

  • Augmentation of the Agency’s Privacy Management. This includes updating the following documents: The Privacy Notice, the Privacy Impact Assessment Directive, the Privacy Breach Policy, and the Privacy Protocol. Approval is anticipated by January 2017, for the implementation of these policy instruments as well as the Privacy Notice.
  • Training. The Agency is developing a communication strategy to promote staff awareness of the importance of the above mentioned policy instruments. The Agency is also developing a training strategy for the implementation of EAMS planned for the fall of 2016. Both strategies will enhance observance of the privacy protection requirements within the Agency and surrounding the use of EAMS.
  • Protected B certification of the EAMS hosted platform. The Agency has secured certification that the platform is cleared for Protected B.
  • Establishment of Records Disposition Authorities (RDAs). The Agency is working towards establishing RDAs with Library and Archives Canada, which are anticipated to be completed during fiscal year 2016-2017.
  • Registration of a new Personal Information Bank (PIB) to replace an existing Class of Records. A new PIB has been included in this PIA, and has been submitted to the Treasury Board Secretariat of Canada (TBS) for registration.

Page details

Date modified: