Personnel security screening v 2.0 - Privacy impact assessment summary

Security and Internal Affairs Directorate
Finance and Administration Branch
Canada Revenue Agency

Overview & PIA Initiation

Government institution

Canada Revenue Agency

Government official responsible for the PIA

Janique Caron

Chief Financial Officer and Assistant Commissioner

Finance and Administration Branch

Head of the government institution or Delegate for section 10 of the Privacy Act

Steven Morgan

Director General

Access to Information and Privacy Directorate

Name of program or activity of the government institution

Travel and Other Administrative Services

Description of the class of record and personal information bank

Standard or institution specific class of record:

Security - PRN 931

Standard or institution specific personal information bank:

Personnel Security Screening - CRA - CRA PPU 917

Legal authority for program or activity

The Canada Revenue Agency is designated as a separate Agency under Schedule II of the Financial Administration Act and as such has overall responsibility over its administration, contracts and human resources management. The CRA has been granted responsibility for “general administrative policy in the Agency” under paragraph 30(1)(a) of the Canada Revenue Agency Act. This includes the responsibility for determining conditions of employment, and subsequently the security requirements for personnel security screening.

The Agency is responsible for the protection of its information and assets in accordance with the Treasury Board Secretariat (TBS) Policy on Government Security (PGS) and its related standards. To that end, an MOU between the CRA and TBS was signed providing the Agency with a degree of flexibility to implement its own personnel security screening standards when it is warranted.

Summary of the project / initiative / change

Personnel Security Screening plays a vital role within the Canada Revenue Agency’s (CRA) security program by ascertaining that all employees are appropriately screened based on the access to information and CRA premises required for the performance of their duties. All CRA employees must undergo security screening and must meet the security requirements of their position prior to being hired. Currently, there are two types of personnel screening: an assessment of reliability (which results in a Reliability Status), and an assessment of loyalty to Canada (which results in a security clearance at the Secret or Top Secret level).

What's new

The CRA has discontinued the Reliability Status Plus and associated tax compliance verifications as of January 1, 2018. However, it is still collecting information about individuals’ tax compliance during the regular security interview with external candidates who apply for jobs with the CRA or with CRA employees whose security screening comes up for renewal and when those individuals have adverse information on file. The questions on tax compliance are part of financial information and are verbal only. They pertain to the individuals’ existing debt to the CRA and whether they have arranged a plan with the CRA to repay it. Individuals’ responses are retained in the screening file’s interview notes. No verification against the tax information on CRA systems is conducted and no further evidence is sought to confirm the individual’s answers to these questions.

Following the discontinuation of the Reliability Status Plus security screening level on January 1, 2018, the security screening program no longer performs tax compliance verifications against the information kept on the CRA internal systems. When there is adverse information on file, CRA risk assessment analysts occasionally ask the employee/candidate whether they are tax compliant and/or whether they have a repayment arrangement in place. The questions are asked to assess the extent of financial debt and the individual’s reliability in complying with legislative requirements and meeting their financial responsibilities. These questions are verbal (phone interview), and answers are recorded in the interview notes and saved on the individual’s security screening file. Tax compliance of individuals (or the answers they provide) is not verified against the information available in CRA tax systems.

Scope of the privacy impact assessment

This PIA will examine the verbal tax compliance check where adverse information is discovered, in order to assess the extent of financial debt of the individual and whether they have the ability to pay off their debt. This verbal check is not an Agency-specific indices check against data sources maintained by the Agency, as outlined in appendix C, section 11 of the Treasury Board Standard on Security Screening. The Personnel Security Screening Program checks financial obligations to assess the individual’s financial situation. This PIA will examine the verbal tax compliance process and related activities.

These activities include: when there is adverse information on file, CRA risk assessment analysts occasionally ask the employee/candidate whether they are tax compliant and/or whether they have a repayment arrangement in place. The questions are asked to assess the extent of financial debt and the individual’s reliability in complying with legislative requirements and meeting their financial responsibilities. These questions are verbal (phone interview), and answers are recorded in the interview notes and saved on the individual’s security screening file. Tax compliance of individuals (or the answers they provide) is not verified against the information available in CRA tax systems.

Risk identification and categorization

A) Type of program or activity

Criminal investigation and enforcement / National Security

Level of risk to privacy: 4

Details:

Personal information is collected for the purpose of administering the CRA security screening program. Information uncovered or disclosed during the screening process may affect the individuals’ ability to obtain employment with the CRA if the application for security screening level is denied or may impact their ability to keep their existing employment when the previously granted security screening level is revoked.

Personal information uncovered or disclosed during the security screening process may lead to CRA audits or reviews of the individual’s eligibility for benefit programs when issues are uncovered related to the individual’s tax compliance or eligibility for benefits.

When adverse information is uncovered or disclosed by individuals that suggests they may pose a serious threat to themselves or others, or involves offences against the Criminal Code of Canada, the information must be disclosed to law enforcement authorities (e.g. police of jurisdiction). The law enforcement authorities may enter such information in their databases, which could impact future employment or volunteering opportunities, or other activities that require security screening (e.g. employment with schools, banks, etc.). Disclosures to law enforcement authorities could also lead to an individual’s investigation, arrest, charge(s), criminal prosecution, conviction, and, ultimately, imposition of a sentence. 

B) Type of personal information involved and context

Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive.     

Level of risk to privacy: 4

Details:

Personal information always includes biometric information (e.g., fingerprints, digital photographs), credit reports, and criminal records, and may include opinions or assessments of an individual’s character (e.g., loyalty, trustworthiness), law enforcement records, employee personnel information, financial information, gambling or addictions, which are all of a highly personal and sensitive nature, and may cause embarrassment to the individual when discussed.

C) Program or activity partners and private sector involvement

Private sector organizations or international organizations or foreign governments

Level of risk to privacy: 4

Details:

The CRA shares personal information with the RCMP, CSIS, and a private credit bureau agency (currently Equifax) to obtain individuals’ criminal and credit reports that are required for government security screening. The information provided to the RCMP and the private credit bureaus is limited to identifying information necessary to run the report. The channels used for transmittal of information with RCMP and CSIS use government-approved secured networks. For credit reports, the CRA relies on Equifax security controls to protect personal information.

D) Duration of the program or activity:

Long-term program

Level of risk to privacy: 3

Details:

The CRA personnel security screening program follows the government (TBS) policies and standards, which are established permanently. This is a long-term program. 

E) Program population

The program affects most or all individuals for external administrative purposes.

Level of risk to privacy: 4

Details:

Security screening is mandatory for all government employees and contractors. Credit checks are also mandatory. When credit reports come back with potential issues, the CRA must follow up with the individual to understand their financial pressures for the purposes of assessing security risks for the organization.

F) Technology & privacy

Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

Risk to privacy: No

Does the new or modified program or activity require any modifications to IT legacy systems and/or services?

Risk to privacy: No

The new or modified program or activity involves the implementation of one or more of the following technologies:

Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc.) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).

Risk to privacy: Yes

Details: Fingerprinting is mandatory in the government security screening, but there are no modifications in collecting information for these mandatory verifications.

Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc.

Risk to privacy: No

Details: n/a

Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

Risk to privacy: Yes

Details: The CRA shares the collected personal information with the RCMP, CSIS and a private sector credit bureau agency to obtain mandatory reports required for security screening. These organizations conduct their checks by matching an individual’s personal information against their operational records, data holdings, or intelligence sources. Personal information disclosed to the RCMP includes the name, date of birth, address, fingerprints, and gender. Personal information transmitted to the credit bureau agency includes the name, address and date of birth. Personal information disclosed to CSIS includes the information from the entire screening form Security Clearance Form - TBS/SCT 330-60 when Secret clearance is requested.

G) Personal information transmission

The personal information is used in a system that has connections to at least one other system.  

Level of risk to privacy: 2

Details:

Information is transmitted to the RCMP and CSIS through government-approved secured networks, which use encryption technologies. Information is transmitted to the credit bureau agency using the bureau’s own secure online system. There have been no known breaches to these systems. 

H) Risk impact to the individual or employee

Details:

There have been no known privacy breaches to systems transmitting or storing personal information for security screening purposes to date. Although highly unlikely, it is possible that a privacy breach could occur if the information from the individual’s screening file is disclosed or misdirected, or if the transmission channels are intercepted. In such an event, employees, candidates applying for CRA jobs or contractors may suffer embarrassment deriving from unauthorized individuals knowing, for example, their financial debt or the existence of their criminal record. It is highly unlikely that breached information would result in serious harm to individuals, such as material losses or physical harm. It is also highly unlikely, although possible, that in the event the information is intercepted and stolen, it could be sold or used for identity theft. Personal information that involves threats to national security, or the informant and witness protection program, is designated at the higher level of protection and follows more stringent rules of storage and transmission. This information is not available on regular security screening systems and shared drives.
