My Government of Canada Human Resources: Privacy impact assessment summary

Section I: Overview and privacy impact assessment initiation

Government institution

Public Services and Procurement Canada (PSPC), Human Resources Branch (HRB).

Government official responsible for the privacy impact assessment

Manon Rochon, Assistant Deputy Minister, Human Resources Branch.

Head of the government institution and delegate for section 10 of the Privacy Act

Marie Lemay, Deputy Minister.

Annie Plouffe, Director, Access to Information and Privacy.

Federal pay and pension administration

This program activity provides reliable central systems and processes for pay and pension administration to other federal organizations. Through our pay and pension services, PSPC ensures that federal government employees and pensioners are paid accurately and on time.

Pay

This sub-program administers the pay and benefits processes for the public service of Canada and other organizations, in accordance with collective agreements, compensation policies and memoranda of understanding. Pay and benefits administration includes the development and delivery of services, processes and systems, and the provision of information, training and advice to compensation advisors in departments. For most departments using the government-accredited human resources (HR) system (PeopleSoft), PSPC also provides all compensation services.

Name and description of program or activity: Internal services (sub program—Human resources management services)

Internal services constitute groups of related activities and resources that are administered to support the needs of programs and other corporate obligations of an organization. These groups are management and oversight services, communications services, legal services, human resources management services, financial management services, information management services, information technology (IT) services, real property services, materiel services, acquisition services, and travel and other administrative services. Internal services include only those activities and resources that apply across an organization and not to those provided specifically to a program.

Government of Canada administrative services

This sub-program has a horizontal focus on delivering corporate administrative and HR support services, on a cost-recovery basis, to achieve efficiencies for client federal organizations. Government of Canada (GC) administrative services reduce the number of back-office administrative IT systems across government, and purchase, create, modify and maintain common GC versions of products, which eliminates duplication in individual departments and agencies and allows them to focus resources on key programs.

Description of the class of records associated with the program or activity

There are many sub-programs and corresponding classes of records (CORs) under the Internal Services Program; only the CORs relevant to Service Desk Plus (SD+) are identified below.

Description of the personal information bank

No modification required for the existing personal information bank (PIB).

Several PIBs relate to HR-related functions and SD+. The applicable PIB within SD+ depends on the workflow/service request (SR) being submitted. For most SRs, one of the following 8 standard PIBs will apply; however, several PSPC-specific PIBs also apply to particular forms/activities submitted as attachments to an SD+ workflow/SR. Moreover, one Canada Revenue Agency (CRA) PIB applies, which is reflected in the TD-1 pay form submitted by new employees.

Standard personal information banks

Public Services and Procurement Canada: Specific personal information banks

Other government departments: Specific personal information banks

Employer compliance (Canada Revenue Agency public bank [CRA PPU] 120).

Legal authority for the program or activity

The broad authority for PSPC HR is delegated to the assistant deputy minister of HR from Treasury Board pursuant to the Financial Administration Act (FAA).

Summary of the project, initiative, or change

PSPC needed a more streamlined and efficient approach to managing HR-related requests from the department's employees and business lines. PSPC decided to leverage the existing HR installation of SD+ to support more than its internal HR Call Centre. Specifically, additional software licences were purchased for use by its HR professionals across the country, and the types of information collected and stored in SD+ were expanded so that it is the starting point for general enquiries as well as 30 HR-related activities, such as staffing, leave without pay (LWOP), classification, language testing, and others.

This privacy impact assessment (PIA) was undertaken to assess the expanded use of SD+ by PSPC HR, which is scheduled to be deployed using a phased approach starting in fall 2018. A subsequent release of SD+ is scheduled for March 2019 which will include functionality supporting classification and language testing requests.

SD+ is IT help desk management software used to receive, track, and resolve employee-submitted IT incidents/tickets. PSPC's IT help desk uses the product, and HRB's business systems and new initiatives (BSNI) team has used it since December 2014 to track all incidents submitted by employees of PSPC pertaining to “My Government of Canada human resources” (MyGCHR). Additionally, a separate installation of the software supports the receipt of incidents/questions received by PSPC's HR Call Centre (internally called My HRResource), which was released in March 2018 (stage 1).

The use of SD+ for HR purposes is restricted to PSPC HR and is not intended or envisioned as a government-wide solution.

Section II: Risk area identification and categorization

The following tables describe the categories of related privacy risks with corresponding risk scores.

Table A: Privacy risks associated to the type of program or activity describes 4 categories of related privacy risks with a corresponding privacy risk score of 1, 2, 3, and 4. Table A also includes a narrative section providing a summary description that explains and justifies the level of risk identified.

Additional information about this table: Personal information stored in SD+ is used to facilitate decisions about staffing positions, pay, planning, and other facets of human resources.

Table A: Privacy risks associated to the type of program or activity

Type of program or activity | Level of risk to privacy
Program or activity that does not involve a decision about an identifiable individual | 1 (does not apply)
Administration of programs / activity and services | 2 (applies)
Compliance / regulatory investigations and enforcement | 3 (does not apply)
Criminal investigation and enforcement / national security | 4 (does not apply)

Table B: Privacy risks associated to the type of personal information involved and its context provides 4 categories of privacy risks associated to the type of personal information involved and its context, including a corresponding privacy risk score of 1, 2, 3, and 4. Table B also includes a narrative section providing a summary description that explains and justifies the level of risk identified.

Additional information about this table: Information is collected from individuals for the completion of various HR forms. The information is stored and routed in SD+. In some instances, the social insurance number, banking information for the direct deposit of salary payments, and medical information may be collected and stored in the system. All of this data is provided by the individual, either for direct input or to the hiring manager or the administrative officer for input.

Table B: Privacy risks associated to the type of personal information involved and its context

Type of personal information involved and context | Level of risk to privacy
Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. | 1 (applies)
Personal information, with no contextual sensitivities after the time of collection, provided by the individual with consent to also use personal information held by another source. | 2 (does not apply)
Social insurance number (SIN), medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual. | 3 (applies)
Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive. | 4 (does not apply)

Table C: Privacy risks associated to partners involved in the collection, use or disclosure of personal information provides 4 categories of privacy risks associated to partners involved in the collection, use, or disclosure of personal information, including a corresponding privacy risk score of 1, 2, 3, and 4. Table C also includes a narrative section providing a summary description that explains and justifies the level of risk identified.

Additional information about this table: SD+ is used exclusively by PSPC employees. The software vendor provides support services through its affiliate ManageEngine, located in India. There is a risk that PSPC staff send screenshots of issues containing personal information to the support services. However, a 2-step approval process within the Digital Services Branch (DSB), formerly the Chief Information Officer Branch (CIOB), has been established to mitigate this risk.

Table C: Privacy risks associated to partners involved in the collection, use or disclosure of personal information

Program or activity partners and private sector involvement | Level of risk to privacy
Within PSPC (amongst one or more programs within PSPC) | 1 (applies)
With other federal institutions | 2 (does not apply)
With other or a combination of federal / provincial and/or municipal government(s) | 3 (does not apply)
Private sector organizations or international organizations or foreign governments | 4 (applies)

Table D: Privacy risks associated to the duration of the program or activity provides 3 categories of duration of the program or activity, including a corresponding privacy risk score of 1, 2, and 3. Table D also includes a narrative section providing a summary description that explains and justifies the level of risk identified.

Additional information about this table: HR is an ongoing program and the use of SD+ to support HR is projected to be long-term.

Table D: Privacy risks associated to the duration of the program or activity

Duration of the program or activity | Level of risk to privacy
One-time program or activity | 1 (does not apply)
Short-term program (1 to 5 years) | 2 (does not apply)
Long-term program (5 plus years or ongoing) | 3 (applies)

Table E: Privacy risks associated to the category of population provides 4 categories of population affected by the program, including a corresponding privacy risk score of 1, 2, 3, and 4. Table E also includes a narrative section providing a summary description that explains and justifies the level of risk identified.

Additional information about this table: SD+ is an internal tool available only to PSPC employees.

Table E: Privacy risks associated to the category of population

Program population | Level of risk to privacy
The program affects certain employees for internal administrative purposes | 1 (does not apply)
The program affects all employees for internal administrative purposes | 2 (applies)
The program affects certain individuals for external administrative purposes | 3 (does not apply)
The program affects all individuals for external administrative purposes | 4 (does not apply)

Table F: Privacy risks associated to the use of technology provides a description of the privacy risks associated to the use of technology. Table F lists 3 questions asked, with question 3 being a 3-part question. For each of the 3 questions, there is a corresponding answer in the form of a yes or no check box. Table F also provides a narrative section for all 3 parts of question 3 providing details regarding the privacy risks.

Additional information about this table: A yes response to any of the questions below indicates potential privacy concerns and risks that will need to be considered and, if necessary, mitigated.

Table F: Privacy risks associated to the use of technology

Technology and privacy | Yes or No
1. Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information? | No
2. Does the new or modified program or activity require any modifications to IT legacy systems and / or services, as confirmed by PSPC DSB (formerly CIOB)? | No
3. Does the new or modified program or activity involve the implementation of one or more of the following technologies: | n/a
3.1 Enhanced identification methods (n/a). | No
3.2 Use of surveillance. | Yes
3.3 Use of automated personal information analysis, personal information matching and knowledge discovery techniques (n/a). | No

Note on question 3.2: SD+ audit logs are kept and will be monitored (a process will be developed) and can be accessed if required. Audit logs could be viewed to provide information on the personal information accessed in case of a privacy incident.

Table G: Privacy risks associated to the information technology transmission of personal information provides a description of the privacy risks associated to the information technology transmission of personal information. Table G describes 4 categories of related privacy risks and a corresponding privacy risk score of 1, 2, 3, and 4. Table G also includes a narrative section providing a summary description that explains and justifies the level of risk identified.

Additional information about this table: SD+ is a closed system and only available to PSPC employees. Information gathered via SD+ may also need to be entered in MyGCHR and GCDocs (the official electronic documents and records management solution (EDRMS) of the GC). Information and reports can be printed. The software is accessible through wireless technologies, but a virtual private network (VPN) is required and access is restricted to PSPC employees.

Table G: Privacy risks associated to the information technology transmission of personal information

Personal information transmission | Level of risk to privacy
The personal information is used within a closed system | 1 (applies)
The personal information is used in a system that has connections to at least one other system | 2 (applies)
The personal information is transferred to a portable device or is printed | 3 (applies)
The personal information is transmitted using wireless technologies | 4 (applies)

Table H: Levels of impact to the individual or employee in the event of a privacy breach describes the risk of repercussion for the individual or employee should a privacy breach occur. Table H describes 4 categories of related harm/privacy risks and a corresponding privacy risk score of 1, 2, 3, and 4. Table H also includes a narrative section providing a summary description that explains and justifies the level of risk identified.

Additional information about this table: For some information stored in SD+, a breach would not impact the individual/employee, as the data fields in SD+ hold information such as an employee's name, position, work address and other information that is publicly available or subject to ss. 3(j) of the Privacy Act. However, not all data fields fit this categorization. Moreover, attachments/documents stored in SD+ carry an increased risk across 3 of the 4 impact areas in Table H (inconvenience, reputation/embarrassment, and financial harm); specifically, the SIN and direct deposit information could be used to support identity theft.

Table H: Levels of impact to the individual or employee in the event of a privacy breach

Potential risk impact to the individual or employee in the event of a privacy breach | Level of risk to privacy
Inconvenience | 1 (applies)
Reputation harm, embarrassment | 2 (applies)
Financial harm | 3 (applies)
Physical harm | 4 (does not apply)

Table I: Levels of impact to the institution in the event of a privacy breach provides a description of the privacy risk impact to the institution submitting the PIA, Public Services and Procurement Canada. Table I describes 4 categories of related harm/privacy risks and a corresponding privacy risk score of 1, 2, 3, and 4. Table I also includes a narrative section providing a summary description that explains and justifies the level of risk identified.

Additional information about this table: In the event of a privacy breach involving personal information, the potential reputational and credibility harm to PSPC could be significant. Although minimal financial information is collected in SD+, there could also be financial harm to the individual if a breach involved direct deposit/banking information, and this could in turn result in financial harm to PSPC through lawsuits.

Table I: Levels of impact to the institution in the event of a privacy breach

Potential risk impact to the institution in the event of a privacy breach | Level of risk to privacy
Managerial harm (examples: processes must be reviewed, tools must be changed, change in provider / partner) | 1 (applies)
Organizational harm (examples: changes to the organizational structure, changes to the organization's decision-making structure, changes to the distribution of responsibilities and accountabilities, changes to the program activity architecture, departure of employees, reallocation of HR resources) | 2 (applies)
Financial harm (examples: lawsuit, additional moneys required, reallocation of financial resources) | 3 (applies)
Reputation harm, embarrassment, loss of credibility (examples: decreased confidence by the public, elected officials under the spotlight, institution strategic outcome compromised, government priority compromised, impact on the Government of Canada outcome areas) | 4 (applies)