Summary - Privacy Assessment on the Standard on Security Screening
Table of Contents
Introduction
This summary of the Privacy Assessment on the Standard on Security Screening (Standard) is intended to provide assurance to individuals who undergo a security screening process by the Government of Canada, that the collection, use, disclosure, retention and disposal of their personal information for the purpose of security screening, as described in the Standard, is carried out in accordance with the Privacy Act and associated Treasury Board policies, directives, standards and guidelines.
Background
The Government of Canada (GC) is responsible for safeguarding the information, assets, and people that enable the delivery of government programs and services. The practice of security screening individuals is central to that responsibility. When properly performed, security screening helps to establish and maintain a foundation of trust within government, between government and Canadians, and between Canada and other countries.
The Policy on Government Security and the Standard establish security screening as a condition of employment, contract, appointment or assignment. Security screening may also be established as a condition for other individuals external to government with whom government may need to share or provide access to sensitive or classified information or assets, or access to facilities.
Description
Security screening involves the collection of personal information from individuals, with their informed consent, and information from law enforcement and intelligence organizations and other reliable sources and methods to assess an individual’s reliability and loyalty to Canada.
Deputy heads have primary accountability for the security screening activity within their institution. To support deputy heads in exercising that accountability, the Standard defines the roles and responsibilities of executives and employees of institutions as well as officials appointed to administer the delivery of security screening services. It also defines the security screening model and criteria, and practices related to personal information collection, use, disclosure, retention and disposition, evaluation, decision making, and review for cause, review and rights of redress, and aftercare.
Security screening is conducted according to common standard for most duties or positions in the federal government. Enhanced security screening may be conducted when duties involve or directly support security and intelligence functions, or involve access to security and intelligence sources and methodologies.
Why the Privacy Assessment Was Necessary
Whereas the Treasury Board Secretariat (TBS) does not collect personal information in the context of its security policy function, the Standard mandates the collection, use, disclosure, retention and disposition of personal information for security screening. As such, it was deemed appropriate that TBS complete an overarching privacy assessment to facilitate the systematic identification and mitigation of privacy matters related to the security screening process and practices by departments which conduct security screening.
Privacy Assessment Objectives
The objective of this privacy assessment is to evaluate the security screening practices and processes set out in the Standard against the fair information practice outlined in the Privacy Act and the requirements of the Treasury Board Policy on Privacy Protection.
Privacy Assessment Findings and Summary
The Standard defines the Government of Canada’s security screening model and practices to ensure that security screening is conducted in a manner which is effective, efficient, rigorous, consistent, and fair, and to enable transferability of security screening between institutions, while respecting the privacy and other rights of individuals under the Charter of Rights and Freedoms.
Whereas security screening under the Standard requires the collection, use or disclosure of personal information, the impact on an individual’s privacy, if any, stemming from those security screening requirements is expected to be mitigated by appropriate security and privacy measures to be implemented by government institutions.
On the whole, privacy considerations associated with the requirements of the Standard are proportional to the security benefits derived from the security screening process and the resulting confidence that employees, contractors and other individuals can be relied upon to protect government information, assets, facilities, networks and systems which contain sensitive personal information of Canadians, sensitive information related to the operations of government, and confidential financial, commercial, scientific or technical third party information, and trusted to protect their employer’s interests.
Action Plan - Risk Mitigation
This Privacy Assessment does not include an assessment of institutional privacy risks. Rather, it is designed to support institutions in their privacy analysis as they assess the degree to which the implementation of the Standard will impact their existing security screening activities, processes and associated privacy practices. In conducting these assessments, institutions would ensure that any security and privacy concerns identified are sufficiently mitigated so that the personal information of individuals undergoing security screening is protected.
In the implementation of any systems and processes to support the Standard, institutions are expected to review and adopt the privacy practices identified in this report. If institutions determine that a Privacy Impact Assessment (PIA) is required, this Privacy Assessment may be used to help complete an institutional PIA.
In the implementation of the Standard, the best practices elaborated in this privacy assessment would be implemented by institutions to help ensure that the security and privacy of personal information collected, used, disclosed, and retained for the purpose of security screening are sufficiently mitigated and that individuals are provided with a right of access to their information, in compliance with the Privacy Act and Treasury Board Privacy Policy instruments.
Related Personal Information Banks
This bank describes personal information created, collected, used, disclosed and/or retained in relation to the security screening of individuals working or applying for work with a government institution. Personal information in this bank is used to support decisions for granting, denying, revoking, or reviewing for cause the reliability status, security clearance, site access status or site access clearance.
Page details
- Date modified: