Government of Canada Pension Modernization Project, release 1.0: Privacy impact assessment summary
The Government of Canada's Privacy Impact Assessment Policy requires the publication of a summary outlining the results of a privacy impact assessment. This requirement is considered desirable to demonstrate that privacy considerations were examined in the planning of a project.
The framework used in the preparation of this summary conveys a concise yet detailed description of the business process as well as indicating the identified privacy risks and recommendations for risk mitigation. Certain aspects of the business model description are omitted in order to avoid any compromise of security.
This document summarizes the privacy impact assessment that the Government of Canada undertook to ensure that privacy was considered throughout the development and deployment of release 1.0 of the Government of Canada Pension Modernization Project. The privacy impact assessment concluded that some personal information is involved in release 1.0.
The privacy risks identified in the privacy impact assessment of the Government of Canada Pension Modernization Project, release 1.0 are rated "low" in severity. Implementation of the mitigation mechanisms described in the privacy risk management plan below will alleviate these concerns.
Public Works and Government Services Canada is the administrative authority for the disbursement of pay and pension services under the Department of Public Works and Government Services Act. The department is responsible for the administration of pension plans for public servants governed under the Public Service Superannuation Act, and for the administration of the respective pension plans for the members of Parliament, federal judges, the diplomatic corps, and the lieutenant governors. The department also provides pension services, on a cost recovery basis to the military members of the Department of National Defence.
The Government of Canada Pension Modernization Project has been established to develop and implement both the business transformation and information technology (IT) solutions for the renewal of Public Works and Government Services Canada's pension administration systems and services. The project will provide a modern pension administration infrastructure through the phased adoption of commercial off-the-shelf (COTS) software-based solutions for both core pension administration and customer relationship management (CRM). The transition to the COTS software based solution will be carried out in concert with a careful plan to transform the pension administration business organization, functions and processes.
The business requirements for Government of Canada Pension Modernization Project, release 1.0 are focused on the delivery of customer relationship management (CRM) and case management tools for Superannuation, Pension Transition and Client Services Sector pension experts in Shediac, New Brunswick. This includes a call centre application to handle incoming calls from clients, a training module and an identity management component for user authentication and access control.
Agents include Superannuation, Pension Transition and Client Services Sector pension specialists, client inquiry, pension portability and executive services personnel. Approximately half of the staff working in the client contact centre are expected to access and use the release 1.0 system.
Clients can be annuitants (retired members), contributors (active members) and employers. There are approximately 250,000 contributors and approximately 270,000 annuitants. Employers are federal government departments and Crown agencies.
The client will call a 1-800 number with an inquiry or request. There are three categories of 1-800 numbers available for clients to call: an executive services number, a general superannuation number and an employer number. Calls received through the executive number and teletype (TTY) calls received through the general superannuation number will be routed directly to a pension expert.
General inquiries on the superannuation number will be routed via an interactive voice response (IVR) system to an agent based on availability and skill set. Employer calls will be supported in a future release.
During fiscal year 2004 to 2005, 144,750 calls were made to the English and French general 1-800 service numbers by clients. The number of calls grew in fiscal year 2006 to 2007 and is expected to double due to the centralization of additional services to the Superannuation, Pension Transition and Client Services Sector.
Personal information collected by the Government of Canada Pension Modernization Project, release 1.0
The following data elements which constitute personal information are affected as follows:
- personal identifiers: a caller will be required to enter their Personal Record Identifier (PRI) number (active member) or service agreement (SA) number (retired) into the interactive voice response (IVR) system to allow for call routing
- names: the agents will be required to verify caller's identity once the call has been routed. This verification may include the following elements: case number, last and first name of an individual (or other variations of names), PRI number, SA number, relationship, address, phone number and email address
With release 1.0, the new functionality will not affect the way personal information is currently being handled or processed. No legacy applications or databases are being discontinued during the operational period for release 1.0.
The table below represents the personal information involved in the two business processes of the Government of Canada Pension Modernization Project, release 1.0.
|Business process||Description of personal information element||Collected by||Type of format (for example paper, electronic)||Used by or disclosed to||Purpose of collection||Storage or retention site|
||Manage client inquiries and phone requests by client contact centre||
||system generated correspondence printed in a centralized area in the Superannuation, Pension Transition and Client Services Sector or locally for an agent to complete prior to mailing||Paper||Manage outgoing mail||
Privacy risk management
Section 6 of the privacy impact assessment identifies the Government of Canada Pension Modernization Project, release 1.0 privacy risks and potential risk mitigation strategies. The table below summarizes that information.
|Element||Nature of risks||Level of risks||Proposed mitigating mechanisms|
|Potential unauthorized disclosure of private information||
|Capturing personal identifier data over interactive voice response (IVR)||
||Low||Personal Record Identifier (PRI) or service agreement (SA) is not related to or stored with a name in the IVR|
The privacy risks identified in the privacy risk management plan are evaluated as "low" in severity. Public Works and Government Services Canada has examined the impacts and has proposed appropriate mitigation strategies for the identified privacy risks associated with release 1.0 of Government of Canada Pension Modernization Project.
Most notably, the use of the interactive voice response (IVR) highlighted a concern about the entry of a Personal Record Identifier (PRI) or service agreement (SA) number. The IVR system merely uses these numbers to direct the call and not to display any specific information on the agent's screen. Agents' scripts will prompt the agent to collect identification information from the caller and authenticate the caller using data held in legacy systems.
The proposed mitigating mechanisms for the identified privacy risks indicate a continued commitment by the Crown in ensuring the confidentiality and privacy of the personal information collected from individuals.
- Date modified: