Certification Program for the Federal Government Procurement and Materiel Management Community Privacy Impact Assessment Summary

Introduction

The publication of this summary of the Privacy Impact Assessment (PIA) will help to assure employees of the Federal government that the Government of Canada has undertaken significant measures to maintain the privacy of their personal information provided for the purposes of the Certification Program for the Federal Government Procurement and Materiel Management Community.

The Privacy Impact Assessment Policy requires that the PIA completed for the Certification Program for the Federal Government Procurement and Materiel Management Community be provided to and reviewed by the Office of the Privacy Commissioner (OPC). With the formal review process now complete, the results indicate that all privacy issues were addressed and the OPC is satisfied that the Certification Program for the Federal Government Procurement and Materiel Management Community poses few material privacy risks to Canadians. The privacy risks identified are all considered low in severity, relating mostly to process documentation.

Background

The Certification Program for the Federal Government Procurement and Materiel Management Community is based on the Canadian General Standards Board standard CGSB-192.1-2005: Competencies of the Federal Government Procurement, Materiel Management and Real Property Community. It enables practitioners in procurement and materiel management of the federal government to obtain a professional designation recognizing their level of qualifications. To obtain the professional designation, practitioners must meet the training, experience and knowledge requirements of the program outlined in the CGSB-192.1-2005 standard. 

The personal information collected is used by the Canadian General Standards Board to conduct an independent and impartial assessment of candidate's qualifications against the requirements of the CGSB standard CGSB-192.1-2005 Competencies of the Federal Government Procurement, Materiel Management and Real Property Community.

The authority to collect personal information is authorized by the DPWGS Act, section 7, 15, 16 and 17 and is found in Order-In-Council Number: P.C. 1998-657.

Nature of personal information collected

The different clusters of personal information collected or used during the various Certification processes in support of candidature in the Program for the Federal Government Procurement and Materiel Management Community may include:

  • Biographical Information
  • Contact Information
  • Educational Information
  • Employee Identification Information
  • Administration, program, activities identifiers
  • Other Assessments including exam results

The personal information is collected for Certification Program applicants who are employees of the Government of Canada and its agencies. The information collected consists only of data provided by the individual either directly or with consent at the time of collection with no contextual sensitivities.

Data analysis and data flow

Acting as the administrator for the program, the Canadian General Standards Board maintains a database to collect and store candidate information in conjunction with a hard-copy filing system.

Access to both systems is controlled to ensure that only individuals who have a "need to know" can use and access the personal information as per the Directive on Privacy Practices. Information is kept secure and access is limited by physical means and by logistical means. The retention and disposal procedures meet Government requirements, including the physical safeguards of that data until disposal.

Information collected is necessary for the administration of the certification program. All information stays within the program.

The individual is providing the personal information to PWGSC (CGSB) for the purpose of assessing their enrolment and their qualifications against the requirements of the program.

Some of the information is provided to the Public Service Commission (answers to a knowledge exam for marking) and then returned to PWGSC (CGSB). The Public Service Commission does not keep any personal information.

PWGSC (CGSB) shares information in the form of statistical reports with interested stakeholders, notably the Treasury Board Secretariat and the Canada School of Public Service. The statistical reports do not permit parties to identify any individual.

Ultimately the program information is sent to Library and Archives Canada for disposal.

Privacy risks

The privacy risks identified with the collection of personal information in support of the Certification Program for the Federal Government Procurement and Materiel Management Community have been evaluated and determined to be low.

The privacy notice provided by ATIP has been added to the handbook and to the forms used for the collection of personal information as deemed necessary for the administration of the program.

Conclusion

This privacy impact assessment of the Certification Program for the Federal Government Procurement and Materiel Management Community did not identify any privacy risks that cannot be managed using the current safeguards.

The collection of personal information for the administration of the Certification Program for the Federal Government Procurement and Materiel Management Community poses few privacy risks to Canadians, all of which are considered to be low in severity.

These risks have been mitigated with the implementation of the recommendations in the Privacy Risk Management Plan including the implementation of a Privacy Notice to ensure each individual is given the opportunity to provide meaningful consent at each stage of the process.

The Certification Program complies with the requisite provisions of the Privacy Act, regulations and the Treasury Board Secretariat Privacy Impact Assessment Policy.