Privacy Impact Assessment Summary for the Certification Program for the Federal Government Procurement and Materiel Management Communities
The publication of this summary of the Privacy Impact Assessment (PIA) will help to assure employees of the Federal government that the Government of Canada has undertaken significant measures to maintain the privacy of their personal information provided for the purposes of the Certification Program for the Federal Government Procurement and Materiel Management Communities.
Federal employees working in procurement and/or materiel management can obtain a professional designation through a government-wide certification program. The Certification Program for the Federal Government Procurement and Materiel Management Communities certifies two professional designations: CFSP - Certified Federal Specialist in Procurement at Levels I and II and CFSMM - Certified Federal Specialist in Materiel Management at Level I .The Procurement, Materiel Management and Real Property Communities Management Office (PMMRP CMO) at Treasury Board of Canada Secretariat (TBS) manages the Certification Program and co-ordinates the participation of federal departments, agencies and central agencies, professional designation granting bodies and professional institutes in its management.
The administration of the Certification Program is carried out by the Canadian General Standards Board (CGSB). It acts as the certification body, providing an independent and impartial assessment of candidates' qualifications against the Program requirements.
Certification provides proof of professional qualifications, signals that an employee can perform effectively in the Federal Government work environment and provides a competitive edge in pursuing career opportunities in procurement or materiel management.
The scope of this Privacy Impact Assessment included the analysis of different clusters of personal information collected and used during the various Certification processes for the purposes of the Certification Program for the Federal Government Procurement and Materiel Management Communities. Examples of personal information include:
- Biographical Information
- Contact Information
- Educational Information
- Employee Identification Information
- Administration, program, activities identifiers
- Other Assessments including exam results
The personal information is collected from Certification Program applicants who are employees of the Government of Canada and its agencies. The information collected consists only of data provided by the individual either directly or with consent at the time of collection with no contextual sensitivities. For the Treasury Board Secretariat, personal information is collected pursuant to section 7(1)(e) of the Financial Administration Act.
Why the Privacy Impact Assessment Was Necessary
In order to ensure compliance with the Privacy Act and associated Treasury Board Secretariat privacy policies, this Privacy Impact Assessment examined privacy risks which may be associated with the certification program. Identified privacy risks were mitigated, reduced or eliminated by implementing specific response measures.
Privacy Impact Assessment Objectives
To assess, reduce and mitigate potential risks associated with the collection and use of personal information in order to allow TBS and participating departments and agencies to track participant progress through the Program and provide support as required. A thorough analysis of all personal information elements was completed to ensure that that only individuals who have a "need to know" can use and access the data.
Privacy Impact Assessment Findings and Risk Summary
This privacy impact assessment of the Certification Program for the Federal Government Procurement and Materiel Management Communities did not identify any privacy risks that cannot be managed using the current safeguards.
The collection of personal information for the administration of the Certification Program for the Federal Government Procurement and Materiel Management Communities poses few privacy risks to participants, all of which are considered to be low in severity, relating mostly to process documentation.
Action Plan – Risk Mitigation
Any risks have been mitigated with the implementation of the recommendations within the Privacy Compliance Analysis including the implementation of a Privacy Notice Statement to ensure each individual is given the opportunity to provide informed, meaningful consent at each stage of the process.
The Certification Program complies with the provisions of the Privacy Act, Privacy Regulations and the Treasury Board of Canada Secretariat Directive on Privacy Impact Assessments, Directive on Privacy Practices and Policy on Privacy Protection.
- Date modified: