Language selection

Government of Canada / Gouvernement du Canada

Search

Privacy Impact Assessment for Self-Identification Modernization

The Office of the Chief Human Resources Officer (OCHRO) supports the Treasury Board in its role as the employer by driving excellence in people management and ensuring the appropriate degree of consistency across the public service. OCHRO fulfills this mandate in a manner that is compatible with primary deputy head accountability and responsibility.

In 2020, in keeping with its mandate to support equity, diversity and inclusion in the public service, OCHRO launched its Self-Identification Modernization Project. Its purpose was to review and assess employee self-identification processes, practices, and systems, and to update the Government of Canada’s Self-Identification (Self-ID) Questionnaire in the core public administration (CPA). OCHRO collects self-ID data in accordance with its authorities under the Employment Equity Act, Financial Administration Act and the Privacy Act.

Why a Privacy Impact Assessment was completed

OCHRO elected to undertake a Privacy Impact Assessment (PIA) in relation to the Self-ID Modernization Project and the development of the updated Self-ID Questionnaire and a new centralized application on the Treasury Board Secretariat of Canada (TBS) Application Portal (TAP). Although information collected from the Self-ID Questionnaire will not be used to make decisions that directly affect employees, the Self-ID Questionnaire will collect personal information. The Self-ID Modernization Project will also impact the manner in which personal information is collected and processed by TBS and the Government of Canada.

In 2024, an Addendum to the original PIA of the Self-ID Modernization Project was completed for this project to support the integration of an Alternative Format Self-ID Questionnaire (AFSI) and a protocol for the distribution, collection, storage, and data entry of AFSI Questionnaires.

The implementation of an AFSI Questionnaire enables the inclusion of employees who cannot complete their self-identification in the centralized, online Self-ID Application due to:

  • a disability-related accommodation need that is not being met by the accessibility features in the application.
  • an operational requirement that prevents the employee from accessing the application at any point during their work hours throughout the year (for example, working in remote areas without reliable internet access).

Additional Information

Self Identification Modernization PIA:

  1. Lack of clarity around OCHRO’s legislative authority to collect an expanded set of equity, diversity and inclusion (EDI) personal information for administrative or non-administrative purposes – risk mitigated – Legal opinion obtained confirming OCHRO’s legal authority to collect EDI personal information through the new Self-ID Questionnaire to fulfill Treasury Board’s obligations as employer under the Employment Equity Act (EEA) and to support its responsibility for effective human resource management under the Financial Administration Act (FAA).
  2. Lack of clarity on whether the protection of an individuals’ rights under the Canadian Charter of Rights and Freedoms has been given sufficient consideration – risk mitigated – Self-ID information is being collected from employees on a voluntary basis and with proper legal authority.
  3. Lack of documented evidence of due diligence, including formalized public policy or documented decisions – risk mitigated – A robust operational and policy framework has been established by OCHRO to ensure that the Self-ID Modernization Project is properly managed, and that accountability and responsibility for privacy issues arising from the project is assigned and documented.
  4. The purpose of collection, use and disclosure of EDI personal information has not been clearly identified and supported by documented policy and procedures – risk mitigated – Privacy notifications have been developed and finalized for inclusion in the online Self ID Application which resides on the TAP.
  5. Multiple retention and disposition policies in place for employment equity (EE) data collected by OCHRO, Public Service Commission and the Core Public Administration Human Resources Management System (HRMS) – risk mitigated – Self-ID information will be retained by the Government of Canada for a minimum of two years and a maximum of 10 years following an employee’s departure from the federal public service. This is in keeping with the identified retention and disposal schedules and authorities associated with the personal information.
  6. Risk of over-collection through the use of open text boxes – risk mitigated – open text boxes have a limited character count (50) to discourage the entry of excess detail. Furthermore, footnotes are included asking employees to avoid including sensitive personal information such as medical history, names of individuals or accounts of workplace issues.
  7. At the time of drafting the PIA, an up-to-date and viable Threat Risk Assessment (TRA) or Security Assessment and Authorization (SA&A) in relation to the application had not been performed – risk mitigated – Both the TAP, which will house the Self-ID Questionnaire, and its supporting Self-ID Application and database have undergone TBS’s SA&A process and have received an Authority to Operate (ATO).
  8. The use and disclosure of the EE and EDI personal information during an administrative use of the data could reveal information about the employee that was not publicly known and may present a risk to the employee, which could be manifested in a variety of ways including, but not limited to, personal safety and security – risk mitigated – As stated above, both the TAP, which is to house the updated Self-ID Questionnaire, and its supporting database, the Self-ID Database (SIDB), have undergone TBS’s SA&A process and have received an Authority to Operate (ATO). Security and vulnerability testing will continue throughout the systems’ use, in keeping with TBS security policies.

Addendum to the Self-ID Modernization PIA: Alternate Format Self-ID (AFSI) Questionnaire, policies and procedures

  1. There may be variation in how each department carries out its responsibilities for managing the distribution, collection, storage, and data entry of the AFSI Questionnaire – risk mitigated – Messaging will be sent prior to the release of the Self-ID Application to ensure that all department heads of human resources (HHR) and all AFSI stewards are aware of their responsibilities and accountability.
  2. Departments may assign the duties of AFSI steward to employees who do not have the appropriate security clearance – risk mitigated – The AFSI Protocol and the Self-ID Information Sharing Arrangement (ISA) both specify that all departmental AFSI stewards, including students and contractors, have a reliability level security clearance.
  3. Employees assigned to fulfill the duties of AFSI steward may not have sufficient knowledge about how to handle and safeguard personal information in compliance with the Privacy Act risk mitigated – The AFSI Protocol and the Self-ID ISA both specify that all departmental AFSI stewards, including students and contractors, must have completed prior training in privacy and data stewardship, such as the Canada School of Public Service course “Privacy in the Government of Canada.”
  4. Employees using the AFSI Questionnaire may not be aware of the purpose of self-ID data collection, use and disclosure of EDI personal information – risk mitigated – The AFSI Questionnaire will include the same information that appears in the online Self-ID Application about the purpose, collection, and management of self-ID data, as well as a formal long-form privacy notice (Appendix D). This information will appear on the pages that precede the questionnaire, modified where necessary to reflect any AFSI-specific procedures for the management of self-ID information.
  5. There is a risk of over- and under-collection through the entry of information by AFSI stewards that employees provide in the open text boxes in the AFSI Questionnaires – risk mitigated – AFSI stewards are required to enter in all text provided by employees in the open text boxes of the AFSI Questionnaire to ensure that this data is treated in the same way as data entered directly by employees in the online Self-ID Application during the data sorting and sanitization process. To limit collection of information outside the scope of the Self-ID Questionnaire, the AFSI Questionnaires contain the same privacy reminders described in the primary Self-ID PIA.
  6. Employees who need to use an AFSI Questionnaire to complete their self-identification may have concerns about how to modify or delete their self-ID data from the centralized Self-ID Database – risk mitigated – The AFSI Protocol includes procedures and notification templates for AFSI stewards to let employees know how they can modify their self-ID information.

Related Personal Information Banks

Self Identification Modernization

Bank number: TBS PCU 760

For more information about this Privacy Impact Assessment

Michael Wesley-James
Director, Equity Diversity and Inclusion
Tools and Data Policy
michael.wesley-james@tbs-sct.gc.ca

Page details

2026-02-19