Privacy Impact Assessment Summary for Using Artificial Intelligence to Automate Candidate Evaluations in the Staffing Process’s Assessment Phase
Introduction
The Treasury Board of Canada Secretariat’s (TBS’s) Human Resources Directorate has procured a third-party platform called Knockri, a software company that specializes in artificial intelligence (AI)-driven hiring interview assessments, to host and assess the interview portion of a current Administrative Services (AS) and Executive (EX) level staffing process as part of a pilot project.
Knockri provides an AI-based skills assessment platform that aims to help employers make informed hiring decisions by evaluating candidates’ job-related skills and competencies through an audio-based interview. Knockri’s software utilizes natural language processing and machine-learning algorithms to analyze candidates’ responses to video or text-based interview questions. The platform assesses various factors, such as language proficiency, communication skills, cognitive abilities and personality traits, to provide employers with insights into a candidates’ suitability for a particular role.
Why the Privacy Impact Assessment (PIA) was necessary and scope
Knockri is a platform that:
- facilitates audio and video-based asynchronous interviews
- evaluates candidates against merit criteria set by the hiring manager
- provides detailed candidate feedback reports for informed decision-making
- streamlines the process for time and cost efficiency
By leveraging AI and automation, Knockri aims to reduce bias in the hiring process and improve overall efficiency, helping employers identify the most qualified candidates more effectively. It provides data-driven insights and analytics to help organizations make objective and informed decisions in their staffing and recruitment processes.
The PIA examined the privacy impacts associated with the collection, retention, use and disclosure of personal information by TBS via the use of the third-party AI platform Knockri for the administration of the interview portion of the staffing process.
The use of Knockri to conduct candidate assessments and its associated privacy risks falls within the scope of the PIA. Although references to the entire staffing process may be cited throughout the PIA for contextual purposes, the full staffing process was considered to be out of scope.
To understand Knockri’s function in the staffing process, this PIA focused on examining the platform and conducted a thorough assessment at each stage of the staffing process where Knockri was utilized. Ultimately, the completion of a PIA will assist human resources officials in assessing risk, demonstrating due diligence, and compliance with legislative and policy requirements.
PIA risk summary and mitigation strategies
Based upon available information, the PIA identified nine potential risks to the privacy of personal information related to the collection, use, disclosure and retention of personal information:
- Lack of remediation mechanisms: In the event of a privacy breach or discriminatory outcomes, candidates may have limited recourse or opportunities for redress, leading to frustration and distrust in the hiring process.
- Data security in transit: Unknown status of use of encryption in transit (between Knockri and TBS) may result in personal information being transmitted or retained in the clear. Such transmission or retention may leave the information vulnerable.
- Inaccurate assessments: Knockri’s assessment process may not accurately evaluate candidates’ skills and qualifications, leading to unfair outcomes and potential privacy violations.
- Limited control over data: Candidates may have limited control over the use and sharing of their personal data once it is submitted to Knockri, raising concerns about consent and privacy rights.
- Biases in algorithms: There’s a risk of algorithmic bias in Knockri’s assessment process, which could unfairly discriminate against certain candidates based on factors such as disability, cultural differences and so on.
- Lack of transparency: The criteria used by Knockri to evaluate candidates may not be fully transparent, making it difficult for candidates to understand why they were not selected or to challenge the decision.
- Data security: Knockri collects and stores sensitive personal information that could be vulnerable to data or privacy breaches if proper security measures are not in place.
- Regulatory compliance: The use of Knockri in the federal public service must comply with privacy laws and regulations, such as the Privacy Act, the Employment Equity Act and the Public Service Employment Act, which requires careful oversight and management of privacy risks.
- Retention of personal information: Knockri may retain candidates’ personal data beyond the necessary period, leading to prolonged exposure of sensitive information and increasing the risk of unauthorized access or misuse.
Program officials deployed multiple security and privacy safeguards to protect personal information throughout the life cycle of the activity. Examples of these safeguards include but are not limited to the following:
- privacy protocols implemented as a result of ongoing engagement with TBS Legal Services and Access to Information and Privacy officials for guidance and advice
- well-defined and documented internal privacy breach protocols and procedures within TBS
- audits or human intervention by human resources advisors of Knockri AI assessment results to maintain the quality and fairness of the evaluation process
- implementation of safeguards that limit Knockri’s access to and disclosure of personal information via administrative (for example, project protocols), technical (access roles and so on), and physical (appropriate security clearance) means
- secure transmission of personal information between TBS and Knockri through means such as encryption, password protections and other necessary security measures
- adherence to terms and conditions, informed consent, and privacy notice statements, providing candidates with clear information at multiple steps in the assessment process
- information sessions available to all candidates in both official languages before the assessment, providing a comprehensive walk-through of the assessment process and technical assistance and to address frequently asked questions
- Knockri’s 24/7 user support team availability to assist with technical issues and address assessment-related inquiries before, during and after the assessments
- a comprehensive invitation email package, including:
- an extensive privacy notice statement
- information on Knockri’s science
- a frequently asked questions page for candidates
- contact information for technical support
- limiting of the allocation of permission rights and access to personal information collected for every competitive process to hiring managers who have relevant responsibility
Potential impacts on the privacy of individuals continue to be properly managed by TBS’s Human Resources Directorate officials through legal, policy and technical measures geared to the protection of personal information. Recommendations and actions undertaken to mitigate risks included in the PIA are expected to reduce privacy risks to a low (or acceptable) level.
Page details
- Date modified: