Language selection

Government of Canada / Gouvernement du Canada

Search

Privacy Impact Assessment for VidCruiter Application Tracker Tool (VidCruiter)

Introduction

The Communications Community Office (CCO) maintains a list of communications employees looking for new opportunities at their current group and level. The inventory list is shared with hiring managers across the federal public service to assist them in filling vacancies on their respective teams. This activity is aligned with the CCO’s mandate as a functional community to support federal communications professionals across departments and agencies. The CCO requires a solution to automate their at-level candidate list and have contracted the Canadian-based private sector company, VidCruiter. Using VidCruiter’s digital recruitment platform, the CCO can automate and streamline the management of their at-level list. While VidCruiter offers a variety of tools for streamlining and automating various aspects of the hiring process, the scope of the PIA is limited to the applicant tracking portion of the VidCruiter tool.

Why a privacy impact assessment (PIA) was completed?

The PIA assesses privacy risks associated with the collection, retention, use and disclosure of personal information through the VidCruiter Application Tracker Tool. As VidCruiter is a new cloud-based Software as a Service (SaaS) solution, a PIA must be completed. The PIA covers the collection and use of personal information specifically related to the VidCruiter platform including for account creation, candidate profile creation, information sharing with communications managers, and reporting activities undertaken by CCO System Administrators. These new collections of personal information by a third-party service provider require the completion of a Privacy Impact Assessment, in compliance with the Directive on Privacy Practices.

PIA risk summary and mitigation strategies

There were 4 risks identified through the PIA, and mitigation strategies have been put in place for each of them:

  1. There are opportunities for the CCO to enhance information safeguarding measures while communicating with hiring managers in order to limit the potential for personal information to be inappropriately accessed and/or disclosed, which could constitute a privacy breach.

    Response: The CCO is reviewing its procedures for transmitting personal information to hiring managers and will have these safeguards in place prior to launching the at-level list through the VidCruiter platform.

  2. Retaining personal information for longer than administratively required increases the risk that personal information may be inadvertently disclosed and/or accessed, which could constitute a privacy breach.

    Response: The CCO is reviewing appropriate retention standards related to the at-level candidate inventory and is preparing an information package that will be shared with all hiring managers once VidCruiter is launched so they are reminded of their obligations under TBS policies and the Privacy Act to protect and dispose of the information after use in accordance with their department’s information management policies and established retention and disposition guidelines.

  3. Measures to validate hiring managers across the federal public service should be in place to reduce the risk of personal information being inadvertently disclosed and/or accessed, which could constitute a privacy breach.

    Response: Prior to the launch of the at-level list, the CCO will update its procedures requiring all communications managers requesting the at-level list first be validated via the Government Electronic Directory or through the managers’ direct report(s) (for example Director of Director General) within their organization.

  4. Employees within the CCO who have full system admin access to candidates’ personal information within CCO’s instance of VidCruiter must be aware of and complete all mandatory training related to policies, procedures and their legal responsibilities under the Privacy Act.
    5. Response: The CCO is developing a privacy protocol outlining the specific procedures to be followed by the CCO to ensure the protection of personal information. The protocol will be finalized and in place prior to the launch of the at-level list. Additionally, all current CCO employees with VidCruiter system admin access have a Secret level security clearance and have completed mandatory Security Awareness, Information Management and Values and Ethics training.

If you would like more information about this PIA, contact:

Communications Community Office
Treasury Board of Canada Secretariat
info@cco-bcc.gc.ca

Page details

Date modified: