Privacy Impact Assessment Summary for Phoenix Damages Claims Processing – Consolidated PIA
Introduction
This Privacy Impact Assessment (PIA) reflects the current situation for the Claims Office. Information has been amalgamated from the three PIAs that were previously approved and submitted to the Office of the Privacy Commissioner (OPC), and where required, updated to reflect the current procedures for the handling of personal information for the damage claim process.
Background
The Phoenix pay system was implemented by the Government of Canada in February 2016. Since then, approximately fifty percent (Source: The Phoenix Pay Problem: Working Towards a Solution, Report of the Standing Senate Committee on National Finance, The Honourable Percy Mockler, Chair, The Honourable Mobina S.B. Jaffer, Deputy Chair, The Honourable André Pratte, Deputy Chair, July 2018) of the federal government’s public servants have been affected through underpayments, over-payments, and non-payments. In September 2016, the Treasury Board Secretariat (TBS) as the Employer, announced a Government of Canada-wide (GC) claims process for employees who had incurred out-of-pocket expenses or had government benefits disrupted due to Phoenix pay issues.
Following the creation of the Claims Office within TBS, and implementation of claims processes for out-of-pocket expenses, bargaining agents raised the need for an expanded claims process to compensate those public servants who experienced financial and non-financial damages, such as lost interest on investments, use of sick leave and other severe impacts and other demonstrable cases. In response, an agreement was reached between TBS and certain bargaining agents in June 2019 providing additional compensation to represented employees who suffered financial and non-financial damages due to issues with their pay caused by the Phoenix pay system (“2019 MOA”). In October 2020, a similar agreement was reached between TBS and the Public Service Alliance of Canada (PSAC) (“2020 MOA”), and in early 2021, the catch-up clause of the 2019 MOA was implemented through a Catch-up Agreement (Catch-up). Separate agencies have since negotiated similar agreements with their bargaining agents, and employees subject to these agreements are also eligible to submit claims. Other agreements and class action suits that could also extend or provide compensation for similar damages are under consideration.
Under the Directive on Payments and Phoenix damages agreements, current and former public servants, or legal representatives on behalf of the estate of a deceased employee or of a current or former incapacitated employee, who have experienced severe impacts during fiscal years 2016-17, 2017-18, 2018-19 and 2019-20, can be financially compensated under the terms of the current agreements and entitlements. Claims are organized into five types:
- Existing Claims – refers to compensation for out-of-pocket expenses (e.g., interest related to late or missed payments from credit cards, loans, etc., NSF cheques, late payment penalties), tax advisory services, impacts on income taxes, impacts on government benefits and credits. This process has been fully implemented by the Claims Office for all employees
- General Damages – refers to general compensation for stress, aggravation, and pain and suffering and late implementation of 2014 collective agreements. Compensation is in the form of a cash payment (2020 MOA, catch-up agreement) or additional vacation leave (2019 MOA). Subsequent agreements may increase existing compensation or extend terms.
- Tier 1A – Refers to compensation efforts for current (active) employees, to whom compensation is processed automatically. These payments are out of scope for the Claims Office.
- Tier 1B – Refers to compensation efforts for former employees, who are required to submit a claim to the Claims Office. This process has been implemented for the 2019 MOA and the 2020 MOA and the Catch-up Agreement in December 2021.
- Financial/Investment Losses (Tier 2) – Refers to compensation for Financial and Investment Losses which fall outside the scope of the Existing Claims process. The Damages MOA for Tier 2 compensation were signed on June 12, 2019, with a number of bargaining agents, and October 23, 2020, with the PSAC. This compensation aims to provide compensation to employees who suffered financial/investment losses due to issues with their pay caused by the Phoenix pay system. This includes compensation for financial costs and lost investment income such as:
- non-speculative investment losses associated with cashing in an investment instrument such as stocks, loss due to early withdrawal from an RRSP,
- interest on outstanding debt instruments due to delayed severance or pension, and
- interest on missing severance, pension or pay.
- Severe impacts and other demonstrable cases (Tier 3) – refers to compensation efforts for severe impacts and other demonstrable cases such as, but not limited to, bankruptcy, impacts to credit ratings, mental anguish, or trauma. Compensation is in the form of cash payments or leave recrediting. All claimants must submit a claim to the Claims Office. Claims processes have been implemented under the 2019 MOA. The Tier 3 claims process was implemented in November 2021.
- Bouchard Class Action – refers to proposed general compensation efforts for current and former federal student, casual, term less than 3 months, and part-time workers through a claim submission to the Claims Office. This process may be implemented following a Court Order, at a date to be determined.
Description and Scope
The scope of this PIA is limited to personal information associated with Phoenix Claims administered by the Claims Office. This is not a PIA assessing the entirety of information held in Phoenix.This PIA assesses the aspects of the collection, use, disclosure, retention, and disposition of personal information as they relate to Claims Office processes.
Leveraging previous content, this PIA reflects:
- the collection of personal information through the claims applications through the relevant Claims Website Portal(s) or via regular mail or courier to the TBS Claims Office;
- the processing of claims through the CRM by the TBS Claims Office; and
- the use of necessary personal information for proactive outreach.
- The retention and disposition of personal information in accordance with the TBS Retention and Disposition Standards for claims.
In addition, there have been procedures developed by the Claims Office for the use of the Phoenix Pay system to payout Tier 1B and Tier 2 as well as well as potential Bouchard damages. While these procedures do not require the collection of new information, it does require a new disclosure of personal information to TBS Claims Office from PSPC via the Information Sharing Agreement.
Why the Privacy Impact Assessment Was Necessary
Under subsection 6.3 of the TBS Directive on Privacy Impact Assessment, institutions must undertake PIAs for programs and activities when:
- personal information is used for or is intended to be used as part of a decision-making process that directly affects the individual;
- upon substantial modifications to existing programs or activities where personal information is used or intended to be used for an administrative purpose; and
- contracting out or transferring a program or activities to another level of government or the private sector results in substantial modifications to the program or activities.
A first, foundational action under this new approach is to amalgamate all existing Claims Office PIAs and existing Privacy Addenda into this single Privacy Impact Assessment.This document incorporates updated content from:
- The 2017 Phase 1 (Out-of-Pocket) PIA
- The 2019 Tier 1B and Tier 2 PIA
- The 2020 Tier 3 PIA
- The 2021 Privacy Addendum on Tax Slip Mailing Process
- The 2021 Privacy Addendum on Government Benefits
- The Bouchard Class Action may be implemented following a Court Order, at a date to be determined.
Privacy Impact Assessment Findings and Risk Summary
This PIA provides an informed assessment of the privacy risks associated with the collection, use, disclosure, retention, and disposal of personal information, including, but not limited to, the Social Insurance Number (SIN), employee personal record identifier (PRI), medical, financial and employee personnel file information, and provides recommendations to mitigate identified privacy risks to an acceptable level. Note that the SIN is no longer required as part of the process; however, it was collected in the past and has not yet met the required retention standard and therefore has not yet been destroyed.
Two medium level and five low level privacy risks were identified through this PIA, that center around the completion of procedures, privacy control documentation and readiness training content that reflect the expanded and updated processes associated with Tiers 1B, 2 and 3 and the pending Bouchard Class Action.
The Claims Office continues its work to mitigate all privacy risks in a timely manner and has already completed a significant amount of work to date.
Action Plan – Risk Mitigation
Mitigation measures have been developed in response to each privacy risk identified in the PIA. These mitigation measures are intended to ensure that TBS and stakeholders involved in the processing of claims comply with:
- Accountability; and
- safeguards.
All risks are actively being mitigated based on the recommendations put forth as part of this PIA.
Page details
- Date modified: