Statistics Canada

Statistics Canada Privacy Impact Assessment Policy

Preamble

The Treasury Board of Canada Secretariat approved the Privacy Impact Assessment Policy and the Privacy Impact Assessment Guidelines: A Framework to Manage Privacy Risks in May 2002.

A Privacy Impact Assessment (PIA) is an evaluation process which allows those involved in the collection, use or disclosure of personal information to assess and evaluate privacy, confidentiality or security risks associated with these activities, and to develop measures intended to mitigate and, wherever possible, eliminate identified risks.

Policy Statement

Statistics Canada will conduct a PIA for all new and significantly redesigned collections, uses or disclosures of personal information that raise privacy, confidentiality or data security risks.


PIA Process

Where substantially similar collections, uses or disclosures of personal information occur, these will be addressed by a generic PIA. Depending on the circumstances, Statistics Canada may develop a number of generic privacy impact assessments to address activities occurring in the statistical program area, human resources, finance, marketing or other program areas that collect, use or disclose personal information.

In cases where an approved generic PIA does not address specific privacy, confidentiality and security risks associated with a new or redesigned collection, use or disclosure of personal information, the responsible program area will identify, at an early stage in the planning cycle, the need to conduct a specific PIA.

The Chief Statistician approves the recommendation made by the program area director to either undertake a specific PIA or to apply an approved generic PIA to the new or significantly redesigned collection, use or disclosure of personal information. The approval of the PIA report rests with the Chief Statistician. All approved PIA reports shall be sent to the federal Privacy Commissioner and a summary of the report will be made publicly available on the Statistics Canada website.

The PIA process is described in a second document entitled Guidelines for Managers on Conducting Privacy Impact Assessments.

Definitions

Privacy Impact Assessment (PIA) is a comprehensive process for determining the privacy, confidentiality and security risks associated with the collection, use or disclosure of personal information. It also defines the measures used to mitigate and, wherever possible, eliminate the identified risks. The PIA process ensures that measures intended to protect privacy and ensure the confidentiality and security of personal information are considered at the outset of any new program or service delivery initiative. A PIA also communicates to the public how their privacy is protected and how their information is kept confidential and secure from unauthorized access.

Privacy is the right to be left alone, to be free from interference and from intrusions. It includes the right of individuals to determine when, how and to what extent their information is shared with others. The collection of information from respondents by Statistics Canada is, by its nature, a privacy-intrusive activity.

Confidentiality denotes an implied trust relationship between the person supplying information and the individual or organization collecting it. The relationship is built on an assurance that the information will not be disclosed without the person’s permission. Under the Statistics Act, information that would identify individuals, businesses or institutions cannot be disclosed without their knowledge or consent.

Security is the process of protecting information by assessing threats and risks to data confidentiality, integrity and availability. It entails the implementation of technological and administrative arrangements to restrict access to and prevent the unauthorized disclosure of confidential information.

Personal Information, as defined by the federal Privacy Act (Section 3), means information about an identifiable individual that is recorded in any form including age, date of birth, marital status, education, medical information, address, identifying number, symbol or other particular assigned only to that person.

Generic Privacy Impact Assessment

As many statistical program areas, including analytical programs, exhibit considerable similarity in the collection, use and disclosure of personal information, Statistics Canada has developed a generic privacy impact assessment that clearly addresses the confidentiality, privacy and security risks common to these activities. Depending on requirements, other generic PIAs may be developed.

With regard to the collection, use and disclosure of personal information authorized under the Statistics Act, the generic privacy impact assessment consists of:

  1. a generic assessment of the ten privacy principles for Statistics Canada surveys;
  2. data flow descriptions for the collection, use and disclosure of personal information;
  3. a threat/risk assessment of the collection, use and disclosure of personal information.

Specific Privacy Impact Assessments

In instances where an approved generic PIA does not address the privacy implications of a new or significantly redesigned collection, use or disclosure of personal information, a specific PIA will be undertaken. Once a specific PIA is finalized and approved, a summary of the report will be posted on Statistics Canada’s website.

A specific privacy assessment can be expected to consist of:

  1. a specific assessment against the ten privacy principles;
  2. a specific data flow description for the collection, use or disclosure of personal information;
  3. a specific threat/risk assessment of the collection, use or disclosure of personal information.

Roles and Responsibilities

Director

The program area director is responsible for the review of all new and significantly redesigned collections, uses and disclosures of personal information to determine whether the proposed program or system conforms to an already approved generic PIA.

The program area director, for each new and significantly redesigned data collection, use or disclosure of personal information, will inform the Chief Statistician as to whether a generic privacy impact assessment applies or whether it will be necessary to undertake a specific PIA. The PIA Recommendation Form indicating the director’s recommended action is to be sent to the Director, Data Access and Control Services Division, who will forward it to the Chief Statistician. A copy of the form can be found in the Guidelines for Managers on Conducting Privacy Impact Assessments.

Where there is doubt regarding the suitability of a generic PIA in addressing the privacy concerns of the new or significantly redesigned activity, the program area director may choose to undertake a preliminary privacy impact assessment (PPIA). The results of this preliminary assessment should assist in the determination of whether a specific PIA is required.

During the development of a specific PIA, the program area director consults with the PIA Review Group and Data Access and Control Services Division (DACS). The specific PIA report is to be submitted to the PIA Review Group for its review prior to being sent for approval by the Chief Statistician.

Upon completion of the specific PIA report, the program area director provides to the Director of DACS a bilingual summary of the approved report suitable for posting on the Statistics Canada website.

Director, Data Access and Control Services Division (DACS)

  • Provides advice and assistance to program areas regarding the requirements of the PIA Policy, PIA guidelines and related legislation.
  • Notifies the PIA Review Group of the program area director’s proposal to either apply the generic PIA or to undertake a specific PIA and as required arranges for the program area staff to attend a PIA Review Group meeting to discuss the PIA process.

Once the Chief Statistician approves of the program area’s intention to conduct a specific PIA, the Director of DACS:

  • Ensures that the Office of the Privacy Commissioner (OPC) is informed of the Agency’s decision.
  • Facilitates contacts between the program area and the staff of the OPC. These contacts may include briefings and submission of draft materials, including reports.
  • Ensures that the Agency’s legal counsel is consulted on PIA matters that require legal interpretation and advice.
  • Acts as secretary to the PIA Review Group, a sub-committee of the Confidentiality and Legislation Committee.
  • Ensures that the Agency’s PIA activities are included in the Statistics Canada Access to Information and Privacy Annual Report to Parliament.


Director, Communications and Library Services Division

  • Reviews the final specific PIA report summary to be posted on the Statistics Canada website.

Chief, Informatics Technology Security, Informatics Technology and Systems Division

  • Assists in the conduct of the threat and risk assessment for the specific PIA, and is consulted on mitigation measures.

PIA Review Group, Sub-committee of the Confidentiality and Legislation Committee

  • Develops guidelines and procedures for generic and specific PIAs.

  • Provides advice to program areas on the PIA process.

  • Reviews all PIA Recommendation Forms referred to it by the Director, DACS.

  • Reviews all specific PIA materials and reports submitted to it by the program area director.

  • Once a specific PIA report has been reviewed, and it has been determined that the assessment meets the requirements of the PIA policy, recommends to the Assistant Chief Statistician, Management Services, that the specific PIA report is ready for submission to Policy Committee for discussion and approval by the Chief Statistician.


Assistant Chief Statistician, Management Services

  • On recommendation of the PIA Review Group, and as Chair of the Confidentiality and Legislation Committee, submits the specific PIA report to Policy Committee for discussion and approval by the Chief Statistician.


Chief Statistician

  • Approves recommended action to either conduct a specific PIA or to apply an approved generic impact assessment to the new or substantially redesigned collection, use or disclosure of personal information.
  • Approves all specific PIA reports completed subject to this policy, and their subsequent transmission to the Federal Privacy Commissioner.

Inquiries

All inquiries concerning this policy should be directed to the Director, Data Access and Control Services Division.