Introduction
Statistics Canada is implementing a new "Data Analytics as a Service" platform in support of the Agency's Modernization goals. This platform supports Agency program areas in their work with the external research community to increase researchers' ability to create models and insights that benefit Canadians. The platform provides a comprehensive set of features that include search access to data catalogues, secure analytic data labs to perform statistical and data science analysis in strongly protected ways, and the means to publish model outputs and narratives via dashboards and other tools. The platform additionally supports data stewardship activities such as management of data acquisitions, data and metadata management, search and discovery, and data visualization functions. All data content is managed and controlled by the relevant microdata access services and business owners and addressed through privacy impact assessments currently in place.
Objective
A privacy impact assessment for Data Analytics as a Service Platform was conducted to determine if there were any privacy, confidentiality or security issues with this program and, if so, to make recommendations for their resolution or mitigation. It also serves to demonstrate how the platform meets the principles of necessity and proportionality.
Description
The PIA identified two areas where the personal data of users and researchers is collected and managed – the creation and management of user accounts with basic contact information, and the monitoring of all activities and actions performed by users and software acting on their behalf.
Auditing and reporting - All relevant components of the platform must keep quality records of the states and events that occur, and this data must be exposed in a way that makes effective auditing, detection of anomalous usage patterns, and associated reporting to support privacy protection and cybersecurity requirements.
Identity and access management – Access to the platform and its contents is controlled via authentication and authorization based on electronic identities to prevent unauthorized disclosure of information. Personal contact information and project metadata is associated with these identities managed via electronic directory services.
Risk Area Identification and Categorization
The PIA identifies the level of potential risk (level 1 is the lowest level of potential risk and level 4 is the highest) associated with the following risk areas:
| Risk scale | |
|---|---|
| a) Type of program or activity Administration of program or activity and services |
2 |
| b) Type of personal information involved and context Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. |
1 |
| c) Program or activity partners and private sector involvement Private sector organizations, international organizations or foreign governments |
4 |
| d) Duration of the program or activity Long-term program or activity. |
3 |
| e) Program population The program's use of personal information for external administrative purposes affects certain individuals. |
3 |
| f) Personal information transmission The personal information is transmitted using wireless technologies. |
4 |
| g) Technology and privacy The platform and associated infrastructure services require electronic identities and associated user data (such as project, contact information, organization) to fulfill cybersecurity and privacy protection requirements. Users must be appropriately authenticated and authorized each time they access the platform, using directory information maintained by the platform and its services. Access to user identity information is restricted to directory administrators with activity-based privilege escalation based on strict "need to know" policies and processes to create, modify, or delete directory information. All activities and actions taken by users or software acting on their behalf are monitored and logged in one or more secure administrative services in the platform to support auditing, monitoring, and reporting. Additional analysis of activity data is used to identify anomalous patterns of behaviour as part of platform and infrastructure cybersecurity risk management. Activity logs and reports are used to support reporting on privacy-related controls and principles. |
|
| h) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee. There is a low risk of a breach of some of the personal information being disclosed without proper authorization. The impact on the individual would be very low given the low sensitivity of the information provided in the platform. |
|
Conclusion
This assessment of the Data Analytics as a Service Platform did not identify any privacy risks that cannot be managed using existing safeguards. It also demonstrates that the personal or sensitive information collected through this platform is necessary and proportional to its specific purpose.