Contact Centre Operations v 2.0 - Privacy impact assessment summary

Call Centre Services Directorate, Assessment, Benefit and Service Branch
Collections Directorate, Collections and Verifications Branch

Overview & PIA initiation

Government institution

Canada Revenue Agency

Government official responsible for the PIA

Frank Vermaeten
Assistant Commissioner
Assessment, Benefit and Service Branch

Michael Snaauw
Assistant Commissioner
Collections and Verification Branch

Head of the government institution or Delegate for section 10 of the Privacy Act

Marie-Claude Juneau
ATIP Coordinator

Name of program or activity of the government institution

Communications Services

Description of the class of record and personal information bank

Standard or institution specific class of record:
Communications
Record Number: PRN 939

Standard or institution specific personal information bank:
Public Communications
Bank Number: PSU 914

Legal authority for program or activity

• Subsection 220(1) of the Income Tax Act (ITA);
• Section 237 of the ITA;
• Paragraph 241(4)(h) of the ITA;
• Paragraph 241(4)(j) of the ITA;
• Subsection 241(5) of the ITA;
• Subsection 275(1) of the Excise Tax Act (ETA);
• Paragraph 277(1)(d) of the ETA;
• Paragraph 51(1)(b) of the Canada Revenue Agency Act; and
• Financial Administration Act

Summary of the project / initiative / change

Overview of the program or activity

Telephone Enquiries Call Centres

Telephone Enquiries Call Centres provide support to individuals, benefit recipients, businesses and trusts to help them meet their tax obligations and to make them aware of their benefit entitlements, and assist them with their general or account specific enquiries. This program encourages compliance as it provides taxpayers with the accurate and timely information they need to comply with Canada's tax laws and allows callers the opportunity to address any issues or obtain any information they need to meet their obligations and receive their benefit entitlements.

The telephone enquiries call centres handle millions of tax enquiries every year and remain a key channel for providing service to taxpayers. These enquiries are addressed through agent answered and automated responses.

The Interactive Voice Response (IVR) System provides general and account specific (secure authenticated) information. Call centres also monitor telephone calls for quality assurance through the National Quality and Accuracy Learning Program (NQALP). The NQALP uses a standardized quality-learning tool (a standardized form) which enables NQALP certified listeners to assist telephone agents with the goal of improving quality and accuracy. The results from the NQALP checklist are used to give feedback to individual agents; to identify individual training needs; to identify trends; and to realize efficiency gains. This leads to improved quality in the service provided to taxpayers.

Debt Management Call Centres

The CRA Debt Management Call Centres (DMCCs) handle high volume, low complexity collections and compliance-related telephone calls from across Canada including making payment arrangements within established parameters. They provide early personal contact through outbound calls to advise taxpayers of their outstanding debt as well as answering inbound telephone enquiries from previous call attempts, letters, and notices.

The Interactive Voice Response (IVR) System provides general and account specific (secure authenticated) information. DMCCs also monitor telephone calls for quality assurance through the Quality Support Team (QST). The QST uses a standardized quality-learning tool (a standardized form) which enables QST agents to assist telephone agents with the goal of improving quality and accuracy. The results from the QST form are used to give feedback to individual agents; to identify individual training needs; to identify trends; and to realize efficiency gains. This leads to improved quality in the service provided to taxpayers.

What’s new

The Government of Canada, led by Shared Services Canada (SSC), is replacing its aging infrastructure as part of the Contact Centre Transformation Initiative (CCTI). The objective of the CCTI is to bring all federal institution partners’ contact centres to a common, modernized, centrally managed, and fully hosted national Hosted Contact Centre Service (HCCS) platform. As part of this initiative, the CRA is modernizing its call centres so Canadians receive a higher standard of service.

The Assessment, Benefit and Service Branch (ABSB) will oversee the migration of its eight Telephone Enquiries Contact Centres (Individual, Business and Benefits Enquiries) while the Collections and Verifications Branch (CVB) will oversee the migration of the remainder of the Agency’s Contact Centres, including the Debt Management Call Centres (DMCC).

IBM Canada Ltd. has been contracted by SSC to build the infrastructure which will host the HCCS. IBM Canada Ltd. will provide the HCCS environment which will accept and route calls originating from across Canada, the United States, and internationally to locations throughout Canada. Agents, supervisors, team leaders, and contact centre administrators that are employed or contracted by CRA will be located at CRA facilities and other authorized locations (anywhere they have access to a computer and/or phone, provided they have authorized access. such as teleworkers) within Canada.

As the technical and financial authority for the HCCS, SSC will own, maintain and support the infrastructure. CRA data generated or stored in databases within either SSC’s or IBM Canada Ltd.’s infrastructure is owned by the CRA and considered to remain under the control of the CRA.

This HCCS will provide CRA call centres with the following new technologies and enhancements:

• Migration from a local call routing process to a centralized automated network routing solution that will provide the capability to send calls to the first available agent in any call centre across Canada;
• Migration from local Interactive Voice Response (IVR) system to a centralized standardized IVR that will allow the CRA to present more timely messages to callers helping them to self-serve;
• Skills Based Routing that will allow callers to connect to the right agent immediately, rather than having to talk to several agents to find answers;
• A Workforce Management solution will automate tasks related to forecasting, agent scheduling and traffic management, which are currently being done manually;
• A Quality Management (QM) solution comprised of various attributes (call recording, screen recording, and evaluation forms) that will be used for coaching agents on call handling to improve quality resulting in improved service to callers.

Quality Assurance activities allow the CRA to verify the quality and accuracy of the information provided to taxpayers via the telephone. The CRA has performed side-by-side listening since 2009 and this approach is not meeting our needs. Recently, the Auditor General highlighted that the CRA should ensure that its quality assurance practices generate more effective results to improve accuracy, identify opportunities for continuous improvements, and identify and monitor training needs. With the upcoming migration to the new HCCS, the CRA will rely on call and screen recordings to perform ongoing quality assurance activities with a core group of listeners and agent team leaders. Outcomes are expected to improve the accuracy of the information provided to callers by focusing on employee performance, training and coaching needs and identifying training material and process improvement opportunities. The recordings will not be used to train agents; rather, it is the observations from the listening sessions that will result in agent training.

The QM solution will enable consistent and objective assessments of interactions between agents and taxpayers by evaluators. Call and screen recording attributes will record audio interactions between taxpayers and agents as well as the agent’s computer screen as they navigate through the call. Genesys Interaction Recording (GIR) uses the SpeechMiner application to play back call and screen recordings that are stored in the GIR system. Speech Miner includes a built in Media player to play back call recordings. The player also provides authorized individuals with an option to export the recording. Selected users will be able to search for calls using agent ID, line of business, IVR exit point, agent skill set (through use of agent ID), call duration, and a variety of other searchable data. Additional information that will be captured as part of the National Quality and Accuracy Learning Program (NQALP) and Quality Support Team (QST) include: employee information limited to the name, office location and user ID of the employee being evaluated; the name of the certified listener performing the review and evaluating inquiries; the date the recordings were reviewed and evaluated, and the certified listener's observations on the employee’s communication skills, policy and procedures; information seeking skills; and accuracy of response when handling the call and answering the enquiry. As part of the quality monitoring programs, recordings are not extracted from the Speech Miner Database, nor are they kept on an employee’s or taxpayer’s file.

With the introduction of call and screen recording, the program will continue evaluations for quality purposes using this new technology. Quality Management (QM) refers to the enhancement of the NQALP and QST through the use of call and screen recordings to evaluate calls for the purposes of quality and accuracy.

Leveraging the QM technology will enable CRA to provide agents with a measurable result of call quality and accuracy. Call centres will be able to improve the accuracy of their responses to taxpayers. As part of the NQALP, certified listeners will monitor and evaluate a minimum of six calls every three months for each telephone enquiries call centre agent, and quality support agents will monitor and evaluate a minimum of two call per month for each Debt Management Call Centre (DMCC) agent. With call and screen recordings, the observations will not be done in real time. Rather, observations are based on historic information. Call recordings and screen recordings will be synchronized at playback so that a certified listener can simultaneously see and hear what transpired during the call, thus providing them with a holistic view of the taxpayer experience. While listening to the call and observing the agent’s screen activity as they navigate through the call, the evaluator will complete a standardized evaluation form within SpeechMiner as they review the call. Afterwards, they will arrange a meeting to give feedback to an agent regarding the call that was monitored and evaluated. The certified listener can play portions of the recording for the agent if it is relevant to the feedback. A copy of the completed evaluation forms will be shared with the agent.

QM administrators located at headquarters, QM managers and QM evaluators/analysts (certified listeners and QST agents) will have access to recordings. Only the local NQALP coordinator and certified listener in a telephone enquiries call centre will have access to the call recordings for the agents at their call site. The NQALP coordinator will be able to search and select calls based on established criteria, and to provide certified listeners with calls to review. Certified listeners will only have access to the calls within their call centre.

At the DMCC, QST agents and the QST team leader will have access to the call recordings for agents at any of the three call centre sites. The QST team will be given a set of parameters and they will select calls from any DMCC call centre within the 30 day timeframe. The existing procedures will be followed and will only change with the implementation of HCCS to allow for greater consistency in the quality monitoring process.

In order to ensure that certified listeners evaluate calls in a consistent manner, call and screen recordings will also be used for calibration sessions. Recordings will be played in front of a small group of certified listeners, providing them with an opportunity to evaluate a call and then engage in a discussion to compare each other's evaluations in order to reach a consensus as to how the call should be evaluated. The goal of these sessions is to help ensure consistency as to how calls are evaluated for quality purposes.

The CRA will establish a national centralized team (National Quality Assurance Section (NAS)) to evaluate and report on the quality and accuracy of information provided at the program level, outside of the NQALP process. This centralized team will evaluate and report on the quality and accuracy of calls from all call sites. This will ensure consistency across the national network, leverage quality improvement features available with the new technology, facilitate continuous improvement, and identify training needs, all of which will benefit Canadians when they interact with the Agency. To access the SpeechMiner application, national team members will be assigned access as headquarters accuracy evaluators and headquarters accuracy managers. QST members will be able to monitor any agent at any call centre in order to create a national consistency (as opposed to the current state, where a QST member is limited to monitoring calls that are answered by an agent within their respective call centre). The completed evaluation forms will not be extracted from Speech Miner..

The new supervisor desktop will allow team leaders to have access to Remote Quality Listening (RQL). Team leaders will have limited access to call recordings within SpeechMiner to compliment traditional side-by-side listening sessions. In using these tools, team leaders will rate the call and screen recordings in the same way that they assess calls during the side-by-side listening sessions. During feedback sessions, team leaders will provide agents with their results for both the live and recorded calls. The way in which team leaders take notes and prepare performance assessments will not change as a result of the call centre migration to the new platform; those records will not be entered or stored in HCCS.

Voice and screen recordings will not be stored in an employee’s file. Each call and screen recording will be uniquely identified with an interaction ID number. In cases where recordings were reviewed as part of performance management (in order to assess the performance of an individual) or as part of quality monitoring (in order to guide individual training/performance recommendations), it is the unique reference numbers that will be noted in the employee’s file. This will allow for any relevant recordings to be manually linked back to the employee’s file. Processes and procedures surrounding the use of recordings for quality management and performance management purposes are currently being discussed and developed.

Scope of the privacy impact assessment

This privacy impact assessment (PIA) identifies and assesses privacy risks to personal information relating to CRA’s Telephone Enquiries and Debt Management Call Centre operations which includes the following:

• Personal information that is used to administer call centre operations, including call and screen recordings;
• New and enhanced features provided as part of the Hosted Contact Centre Service (HCCS) that CRA call centres will implement, including Workforce Management, Quality Management, Interactive Voice Response System, Self Service and Outbound Dialling; and
• CRA's database integration, and software applications used to administer call centre operations.

Call centre agents may collect and use personal information and may require access to, and make updates to program specific systems during calls. These activities are undertaken in service to various CRA programs (e.g. Canada Child Benefits Program, GST/HST Returns and Rebates Program, Collections Government Programs, etc.). The personal information related to these activities is assessed in the applicable program PIAs. However, this PIA considers the level of risk to the personal information which is captured in contact centres, as well as the safeguards that are in place to protect the information.

In addition, as SSC has the mandate for the centralization and management of Government of Canada telecommunications networks, the following will be addressed in their Shared Services Canada Hosted Contact Centre PIA, and will therefore not be covered by this PIA:

• The personal data elements of Government of Canada users of HCCS collected for the delivery, administration and management of the HCCS infrastructure including security monitoring and auditing activities;
• Data network services including all software, servers, data centres, databases, networks, telephone switches, wiring, hubs, routers and all other hardware required to support data communications between computing devices (i.e. the infrastructure);
• Voice communication services including local and long-distance services globally, as well as secure voice and other related services; and
• Connectivity from CRA’s call center agent locations to IBM Canada Ltd. data centers.

Authorized individuals within ABSB may export recordings from IBM Canada Ltd. data centres if required for the purpose of responding to administrative requests, such as ATIP requests. For DMCC, exporting call recordings outside of the IBM Canada Ltd. data centres will fall under the responsibility of the National DMCC Program & Traffic Control section. Any calls that are exported will be securely stored at headquarters on a common drive with limited access.

This PIA will be reviewed and updated, as necessary, if the Agency decides to adopt additional features and enhancements, as well as when the remaining call centres migrate to the new platform.

Risk identification and categorization

A) Type of program or activity

Administrations of programs / activity and services

Level of risk to privacy: 2

Details: Personal information is used to administer call centre operations, which includes validating the identity of the caller if applicable, and monitoring agent-caller interactions, captured by call and screen recordings for quality assurance purposes.

B) Type of personal information involved and context

Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive.

Level of risk to privacy: 4

Details: Call centre agents may receive specific personal information in order to validate the identity of the caller (Social Insurance Number, address, contact information, date of birth, and other identification numbers). In addition, other personal information may be collected and used in order to respond to specific caller enquiries, to address compliance related matters, to send specific information, to update a caller's account, etc. Some examples of these are financial information, credit history, credit card information, language, medical information, etc.

This information is collected and used in order to administer specific tax and benefits programs (e.g. Canada Child Benefits Program, GST/HST Returns and Rebates Program, Collections Government Program, etc.) and is therefore assessed in those programs’ individual privacy impact assessments.

Quality management

The National Quality and Accuracy Learning Program (NQALP) and Quality Support Team (QST) monitoring captures employee information such as name, office location and user ID of the agent being monitored, the name of the employee doing the monitoring, the date of the monitoring session, and the monitor’s observations of the agent’s communication skills, information seeking skills, and accuracy of responses when handling calls and answering enquiries, and how the agent follows policy and procedures during calls. Recordings will only be reviewed in order to complete evaluation forms and will not be retained in either the agent or taxpayer’s file.

Workforce management, reporting functions, set-up, and administration

Additional personal information includes employees’ language qualifications, skills set, job performance, and other personal job-related metrics arising from their use of the Hosted Contact Centre Service (HCCS) systems in the performance of their job-related duties, and includes audio recordings of their interactions with callers.

With the implementation of HCCS, employees will have the ability to view other employees’ schedules (that have the same contracts) through a feature known as Shift Trading. The Shift Trading functionality will be available however will not be used on implementation date and will be looked into at some point in the future to determine how and best it will be used.

Telephone call detail information

The Hosted Contact Centre Service will also capture telephone call detail information including date, time, telephone numbers and length of the call. The system will also capture unlisted/unpublished private telephone numbers, personal cell phone numbers, and non-government telephone numbers during outbound calls. Outbound calls made by the automated outbound dialer will also capture this information, including whether or not the call was answered and to whom the call was transferred to upon connection. “Inbound” calls from those types of telephone numbers will also be captured unless the caller invokes the “call blocking feature” available from their end. This type of caller information is considered to be under CRA’s control and will be collected and stored in the vendor’s data center to assist in the quality assurance of call center agents and to perform quality assurance of service.

C) Program or activity partners and private sector involvement

With other federal institutions and Private sector organizations or international organizations or foreign governments

Level of risk to privacy: 4

Details: IBM Canada Ltd. has been contracted by Shared Services Canada (SSC) to build the infrastructure (servers, hardware, data centres, databases, networks, telephone switches) which will host the HCCS through which calls will be routed. As the technical and financial authority for the HCCS, SSC will own, maintain and support the infrastructure. CRA data, generated or stored in databases within either SSC’s or IBM Canada Ltd.’s infrastructure, is owned by the CRA and considered to remain under the control of the CRA.

SSC is responsible for performing regularly scheduled security assessment on the HCCS and its databases; and ensuring identified risks are addressed immediately. SSC will provide operational support to CRA and is responsible for security operations processes when required by IBM Canada Ltd. or the CRA. SSC will provide Service Portal Account creation and management activities for CRA administrators.

All personal information under the control of CRA, which is held in the HCCS, will be stored in encrypted format and is not readily accessible to any users outside of the HCCS. Within the HCCS the information and access to information is managed at the application level and IBM Canada Ltd. access will be restricted to those users necessary for application support.

All information transmitted through the Genesys application will be inspected by SSC for potential malware. This means that all types of personal information may be collected in order to perform this activity as all encrypted data will be decrypted and analysed for potential security threats.

In the operation of HCCS on behalf of the Government, IBM Canada Ltd. does not collect, use, or disclose personal information for its own purposes beyond those necessary for the operation of the system, and only facilitates the Government users of the system to do so, or to process information on behalf of the Government (to the extent permitted by the enabling legislation of the relevant Government program). As such its role is limited to that of an electronic service provider to the Federal Government. IBM Canada Ltd. may also collect or derive meta-data concerning the use and operation of the HCCS systems and functionality, to ensure quality and security objectives are met, and will also collect log information regarding user, system, application, database, and security system events as required to ensure confidentiality, integrity, availability, and auditability of the system.

D) Duration of the program or activity: Long-term program

Long-term program

Level of risk to privacy: 3

Details: These activities do not have a sunset date. 

E) Program population

The program affects certain employees for internal administrative purposes and certain individuals for external administrative purposes.

Level of risk to privacy: 3

Details: The CRA call centre operations affect certain employees (e.g. call centre agents) as well as individuals who contact the CRA through the call centres.

F) Technology & privacy

Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

Risk to privacy: Yes

Details: IBM Canada Ltd. has been contracted by Shared Services Canada (SSC) to build the infrastructure (servers, hardware, data centres, databases, networks, telephone switches) which will host the HCCS through which calls will be routed.

Does the new or modified program or activity require any modifications to IT legacy systems and/or services? 

Risk to privacy: No

Details: This is being developed to replace legacy.

The new or modified program or activity involves the implementation of one or more of the following technologies: 

Enhanced identification methods

This includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc...) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).

Risk to privacy: No

Use of Surveillance

This includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices , RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc.

Risk to privacy: Yes

Details: CRA’s National Quality and Accuracy Learning Program (NQALP) and Quality Support Team (QST) activities involve the monitoring of call centre agents’ calls by certified listeners and QST members for quality assurance purposes. As part of quality management, new technology will provide the ability to record voice and screen interactions between callers and phone agents, so that call centres can improve quality assurance and monitoring processes, better identify training requirements and increase the quality of calls.

Employees and callers will be made aware that calls may be recorded for quality assurance purposes. Telephone Enquiries callers will be notified through IVR messaging “Please note that your call, including any time spent on hold, may be recorded for quality assurance purposes”. Messaging will also be added to the CRA external Web Site to advise callers that their calls may be recorded and that they have the option to opt out should they wish to do so. In cases where callers choose not to have their interactions with Telephone Enquiries call centre agents recorded, a call-back will be arranged. In cases where callers choose not to have their interactions with Debt Management call centre agents recorded, selected agents will have the ability to terminate the recording of a current call.

Use of automated personal information analysis, personal information matching and knowledge discovery techniques

For the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

Risk to privacy: Yes

Details: The Interactive Voice Response System (IVR) is a telephone system that allows data to be provided or collected over the phone via keypad responses. The CRA call centres configured their IVR functionality in such a way that a structured database will be used to provide callers with general and account specific information, depending on the line of business.

Taxpayers contacting the DMCC will be able to check their account balances and set up a payment plan (within defined parameters) using the new self-service option through the HCCS IVR. This type of system requires systems integration to ensure that client data is available in a usable and integrated manner. HCCS IVRs will provide taxpayers with a choice in communication channels. The DMCC IVR will only be offering voice at this time as current policies surrounding communication with taxpayers are being reviewed.

G) Personal information transmission

The personal information is used in a system that has connections to at least one other system and may be transferred to a portable device or is printed.

Level of risk to privacy: 3

Details: Call and screen recordings will be used to administer the National Quality and Accuracy Learning Program (NQALP), National Quality Assurance (NQAS) and the Quality Support Team (QST) activities.

Information captured in the NQALP and NQAS evaluation forms, which has been built into SpeechMiner, may be printed out in report format; these reports will not include a transcription of the call. These reports do not contain caller's personal information, however, they may contain employee personal information. The call and screen recordings used in these evaluations will be retained within the SpeechMiner for two years, after which they will be automatically deleted from the system.

Call and screen recording reviews will be used to assess Telephone Enquiries call centre agents for performance management purposes. Unlike NQALP there is no evaluation form in SpeechMiner for performance management.

As an infrastructure service, HCCS collects and stores personal information, and provides connectivity between clients (the public and other Government of Canada employees) and agents (CRA employees or contractors). The HCCS solution is hosted on IBM Canada Ltd. premises. The IBM Canada Ltd. solution is connected to the SSC Security Operations Centre (SOC) for security event monitoring and coordinated with the IBM Canada Ltd. incident response capability. The current plan is to store all recordings on the IBM Canada Ltd. servers unless otherwise required to export for the purpose of responding to ATIP requests. IBM Canada Ltd. servers are certified to protect information up to and including Protected B material.

The SpeechMiner tool that provides the call and screen recording listening/viewing functionality is a web-based application. SpeechMiner provides an option to protect a recording from being deleted. If a recording is tagged, it will not be purged after the 30-day retention period. The system is configured to encrypt exported interactions. An exported call recording will be encrypted using WinZip.

Roles for “exporting and deleting” of recordings will remain within CRA, rather than with SSC. At this point in time, only the Quality Management auditor is granted the authorization to export audio and screen recordings. The program areas will develop internal processes with respect to the provisioning and monitoring of this role. Call and screen recordings will only be exported, as required, for the purpose of responding to ATIP or legal requests. All other unused call recordings will remain in IBM Canada Ltd. datacentres for 30 days, after which time they will be automatically deleted from the system. Recordings used for administrative purposes will be manually flagged for protection from deletion and retained within IBM Canada Ltd. data centres as per the applicable Disposition Authority.

The HCCS managed service can accept calls from across Canada and internationally, and will route them to agents throughout Canada.

Callers can contact the CRA using traditional telephony (Public Switched Telephone Network, Centrex, PBX, or mobile) and alternate contact channels such as Voice over Internet Protocol (VoIP).

To access account related information through the Interactive Voice Response (IVR) self-serve application, a caller selects the IVR service, which prompts the caller for identification information (e.g. SIN, date of birth and line 150 of their income tax return). The IVR application sends this information via IVR Interface Manager (CJIM) to the mainframe. The information retrieved is then translated to a voice recording message to the taxpayer.

H) Risk impact to the individual or employee

Details: Due to the nature of the personal information collected and used during call centre operations, a privacy breach could result in reputation harm, embarrassment, financial loss and identity theft.