Introduction

Statistics Canada is committed to respecting the privacy of individuals and businesses—whether they are responding to one of our surveys, providing personal information, purchasing a product or service or using our website. To fulfill this commitment, Statistics Canada has created a Privacy Framework that describes the approved practices, procedures and governance related to privacy.

All personal information collected, used, disclosed or retained by Statistics Canada is protected by the Privacy Act and by the Statistics Act whether it was provided by a respondent or received from a third party. This means that you will be advised of the authority for such collection.

Privacy and confidentiality of personal information

Role of the Chief Privacy Officer

The Chief Privacy Officer (CPO) is a privacy expert whose role includes ensuring that Statistics Canada’s policies, directives, guidelines and practices are in line with current Government of Canada privacy legislation, policies and directives. The CPO must also track privacy incidents and breaches and provide advice on how to prevent similar incidents from arising in the future. If you have any concerns about your privacy, please contact:

Pierre Desrochers
Chief Privacy Officer
Office of Privacy Management and Information Coordination
Statistics Canada
R.H. Coats Building, 2^nd floor
100 Tunney's Pasture Driveway
Ottawa, Ontario K1A 0T6
Pierre.Desrochers@statcan.gc.ca
613-894-4086

What happens when there is a privacy breach?

A privacy breach is the loss of, unauthorized access to, or disclosure of, personal information. This can occur as a result of the theft or loss of information or data storage equipment, or the improper or unauthorized collection, use, disclosure, access, storage or disposal of information, including misdirected correspondence. When Statistics Canada discovers or is made aware of a breach, we take immediate action, in compliance with the Directive on Privacy Practices and Guidelines for Privacy Breaches established by the Treasury Board Secretariat.

Survey respondents

Statistics Canada's commitment to keeping the confidentiality of the information obtained from the Canadian public is enshrined in the Statistics Act and the Agency's various policies and practices related to data collection, analysis and dissemination activities as well as the Privacy Act.

All information provided to Statistics Canada through surveys, the census or any other source is confidential. Statistics Canada does not release any information that identifies an individual or group without prior consent. Similarly, no other government institution has the right to see the answers given in confidence to Statistics Canada without this consent.

Because of its unique mandate as the national statistical agency in collecting personal information solely for statistical and research purposes, Statistics Canada has prepared privacy impact assessments that address privacy issues associated with its survey activities.

One aspect of the statistical work undertaken by the Agency could involve record linkage projects that bring together information about individual respondents for research purposes. This is a recognized source of valuable statistical information but must serve a public good. To address the potentially privacy-intrusive nature of this type of research, Statistics Canada not only has a directive in place but practices a well-defined review and approval process for all microdata linkages.

Collection of information on minors

From time to time, Statistics Canada collects information on minors, a practice that presents unique challenges in terms of striking a balance between individual privacy and public welfare. While the collection of information from children can be sensitive, this information fills an important public policy void: reliable data on younger demographics is crucial to the development of sound policy that supports the delivery of important services to vulnerable segments of the population.

As with information from other respondents, information on minors is protected by the Privacy Act and by the Statistics Act. Under the Privacy Act, a parent/guardian may request access to a minor's personal information, on his or her behalf. Statistics Canada, prior to collecting information from minors, determines which types of information could potentially cause harm to a child; this information is never released under any circumstance.

Clients

Statistics Canada is fully committed to protecting the confidentiality of the personal information provided by our clients who purchase products or services. This information is used only to support our relationship with you as a client of Statistics Canada.

More information: Protecting your privacy as a client

Third-Party Social Media

Statistics Canada is using social media to provide access to relevant, accurate and timely statistical information and to foster engagement, cooperation and information-sharing among people who use statistical information. Social media accounts are public and are not hosted on Government of Canada servers. Statistics Canada uses Facebook, Twitter and YouTube. Users who choose to interact with Statistics Canada via those social media should read the terms of service and privacy policies of these third-party service providers and those of any applications you use to access them. You may have to change your language preference in order to see the information in English.

• Facebook Data Use Policy
• Twitter Privacy Policy
• YouTube Privacy Policy (Google)

Personal information that you provide to the Government of Canada via social media accounts is subject to the provisions of the Access to Information Act and the Privacy Act. This information is collected to capture conversations (e.g. questions and answers, comments, "likes", retweets) between you and Statistics Canada. It may be used to respond to inquiries, or for statistical, evaluation and reporting purposes. Comments posted that violate Canadian law will be deleted and disclosed to law enforcement authorities. Comments that violate our Social media rules of engagement could also be deleted. The personal information is included in Personal Information Outreach Activities (PSU 938).

No endorsement of any social media products or services is expressed or implied. Please read our Social media rules of engagement and Terms of use for Facebook, Twitter, and YouTube.

Visitors to the Statistics Canada website

The Government of Canada and Statistics Canada are committed to providing visitors with websites that respect their privacy. The following summarizes the privacy policy and practices on Statistics Canada websites.

Safeguarding your personal information

The Statistics Canada website does not automatically gather any specific personal information from you, such as your name, phone number or email address. We would only obtain this type of information if you supply it by sending us an email or registering in a secure portion of the site. The information that is received and stored is safeguarded to prevent unauthorized disclosure.

The nature of the Internet is such that Web servers automatically collect certain information about a visit to a website, including the visitor's Internet Protocol (IP) address. IP addresses are unique numbers assigned by Internet Service Providers (ISP) to all devices used to access the Internet. Web servers automatically log the IP addresses of visitors to their sites. The IP address, on its own, does not identify an individual. However, in certain circumstances, such as with the co-operation of an ISP for example, it could be used to identify an individual using the site. For this reason, the Government of Canada considers the IP address to be personal information, particularly when combined with other data automatically collected when visitor requests a Web page such as the page or pages visited, date and time of the visit.

How your information is used

Information on individual website visitors is used by Statistics Canada employees who need to know the information in order to respond to your request or to ensure the security of this system. We only share the information you give us with another government department if your inquiry relates to that department. We do not use the information to create individually identifiable profiles, nor do we disclose this information to anyone outside the federal government.

Electronic transmission of sensitive personal information

Unless specifically noted otherwise, neither electronic systems nor email are secure information transmission methods. It is not recommended that sensitive personal information be transmitted electronically.

Data encryption

The website is equipped with a Secure Socket Layer (SSL) encryption to ensure a secure connection between the server and an SSL-compatible browser. SSL protocol provides a safe passage for transmitting and authenticating data by encrypting the information. Data cannot be compromised when SSL is in use. This is the most secure form of encryption commonly available in North America.

Network traffic monitoring

Statistics Canada employs software programs to monitor network traffic, and to identify unauthorized attempts to upload or change information, or otherwise cause damage. These programs are also used to gather anonymous information such as statistics to improve the functionality of our site. These software programs receive and record the Internet Protocol (IP) address of the computer that has contacted our websites, the date and time of the visit and the pages visited. We make no attempt to link these addresses with the identity of individuals visiting our site unless an attempt to damage the site has been detected. The programs are never used to gather specific personal information such as your name, your phone number or your e-mail address.

Your privacy is protected

Your personal information is protected by the Privacy Act and will only be disclosed as permitted by that Act.

Cookies

Statistics Canada occasionally uses session cookies to track how our visitors use this site, determine sites previously visited or facilitate the use of secure portions of this site. Information from the cookies is compiled for statistical analysis on traffic patterns and is used to assess and improve the efficiency of the website. A cookie is a file that may be placed on your hard drive without your knowledge by a website to allow it to monitor your use of the site.

The cookies we use do not allow Statistics Canada to identify individuals. Our use of session cookies ensures your online privacy and security. Here's why:

• The contents of our session cookies are not linked, shared or associated in any way with personal information that you may have supplied to us or made available elsewhere.
• Our cookies can only be "read" by Statistics Canada servers, meaning that you cannot be tracked or profiled using our cookie when you surf across multiple sites on the Web.

Statistics Canada's website primarily uses session cookies, which automatically expire at the end of the user session. Occasionally we use persistent cookies to facilitate the use of secure portions of the website and to conduct on-line surveys to improve the website. Persistent cookies have pre-determined expiry dates.

Visiting our website with cookies disabled will have no significant impact on your browsing experience. You can set your browser to detect and reject cookies. Please consult your browser's Help Menu for instructions.

Web Analytics

Web analytics is the collection, analysis, measurement, and reporting of data about Web traffic and visits for purposes of understanding and optimizing Web usage. For the purpose of performing web analytics, certain types of information are tracked during visits to Statistics Canada's website. For the purposes of the Privacy Act, this information is treated as personal information.

Statistics Canada uses Adobe Analytics and log file analysis to improve its web site. When your computer or other device requests a Statistics Canada Web page, information is collected for the purpose of web analytics. The type of information collected includes, but is not limited to:

• IP address of the device that has contacted the Statistics Canada' website (which is not stored or retained in a format that can be used to identify a visitor)
• type of browser used
• type of operating system used
• the date and time of the visit
• pages visited and documents downloaded

Statistics Canada uses log file analysis internally. The information is not disclosed to an external third party service provider.

Web analytics is carried out using services from the third-party service provider Adobe Systems Inc. (Adobe Analytics). This service provider is based in the United States of America (USA), which means that the personal information collected is transmitted outside of Canada and may be subject to USA laws, including the USA Patriot Act. In addition, Adobe operates servers in other countries on which the web analytics data may be processed. Consequently, the data may be subject to the governing legislation of the country where it is processed. For Adobe Analytics, the Government of Canada has specified that personal information can only be stored on servers in Canada, the United States, the European Union, Australia, Israel, New Zealand, Norway, and Switzerland.

For more information about the privacy policies of this service provider, please visit Adobe Experience Cloud Privacy

To track visits to Statistics Canada for web analytics, Adobe Analytics requires the use of digital markers ("cookies"). If you wish, you may opt out of having your visit tracked by:

• changing your browser settings to refuse cookies, disabling JavaScript within your browser, or
• downloading and installing a browser add-on from Adobe prevents your visit data from being used.

If you change your browser settings to refuse cookies or disable JavaScript so that your Statistics Canada visit will not be tracked, no information will be collected but your visit may be affected in other ways, including making it difficult to access any secure services that require a username and password.

To further protect information about visitors to Statistics Canada' website, Adobe Analytics uses a feature that hides part or all of the IP address of a visitor before it is stored.

The chart is a flow chart description of the Integrated Strategic Planning Process (ISPP) which consists of six steps. The first four steps of the ISPP are known as the LTP process which is the first phase of the ISPP, and steps five and six take place during Project Implementation, which is the second phase of the ISPP.

The flow chart begins with the first column that is labeled the LTP process. The first box in the LTP process column in Stage 1: Idea Generation shows that the first step of the ISPP starts in April in each year with a Strategic Direction session to align strategic direction with priorities and emerging issues and that the second step of the ISPP is from May to June, when managers develop a high level business proposal to request funding through the LTP process. Proposals are grouped into three main categories for decision- Corporate Business Architecture (CBA) improvements and initiatives; Continuity and Quality maintenance (CQM) of existing programs; and, New Initiatives / Enhancements. Proposals supported for further consideration by Senior Management Review Board move to the second box in the LTP process column. The second box in the LTP process in Stage 2: Project Assessment shows that the third step of the ISPP is from July to October, when programs develop investment proposals which are presented in Step 4 in November at the Senior Management Review Conference for approval. This marks the end of the LTP process.

Projects approved in November from this point move to the Project Implementation column which is the second phase of the ISPP. The first two boxes in the Project Implementation column in Stage 3: Project Initiation and Stage 4: Project Planning show that the fifth step of the ISPP is from December to March when programs initiate, plan and communicate with the stakeholders about the new LTP projects. The last two boxes in the Project Implementation column in Stage 5: Project Execution and Stage 6: Project Close-out show that the sixth and final step of the ISPP is the on-going monitoring of the LTP projects.

This chart illustrates the two stages of the LTP process that falls within the Integrated Strategic Planning Process (ISPP).The first four steps of the ISPP are known as the LTP process. These four steps have been divided into two stages in the flow chart. The first two steps correspond to the first stage of the LTP process which is the Idea Generation stage and the two other steps correspond to the second stage of the LTP process which is the Project Assessment stage.

The flow chart begins with the Stage 1 Idea Generation where CBA and non-CBA business proposals are prepared by programs for review and approval. The chart illustrates that Corporate Business Architecture (CBA) proposals go through an approval process by both the CBA management committee and Field Planning Boards (FPBs). The flow chart shows that non-CBA projects only go through the FPBs for approval. Both CBA and non-CBA proposals that have been approved flow to the SMRB for gate 1 approval and consideration for funding. Proposals approved for consideration, move to Stage 2 Project Assessment. In this stage, programs must prepare a Project Complexity and Risk Assessment (PCRA), a Business Case, and Business Case Costing (BCC) template for all CBA and non-CBA proposals. The chart illustrates that CBA proposals separate from non-CBA proposals and must go back to the CBA Management Committee for approval. Once this approval is given then CBA proposals merge back with non-CBA proposals and then move to the FPBs to have the Business case and BCC forms approved. Those approved proceed to SMRB Gate 2 for approval and funding. All approved LTP proposals are recorded in the Agency’s Decision Record known as the Blue Book.

Key financial controls: Process Overview

The chart is a flow chart description of the process of Assessment of Internal Controls over Financial Reporting (ICFR) presenting the 4 core activities involved and their outputs described just below each activity. Activities and results/outputs are differentiated by colors and forms. The flow chart is set up in 5 key steps aligned with arrows from left to right. A box groups the 4 core activities for the assessment of ICFR. The flow chart begins with the first step on the left, which is Planning & scoping. Outputs from this activity are Strategic Plans for ICFR & ITGC and work plans. From this point, the process moves at right to Documentation of in-scope business processes. Outputs from this activity are Process Narratives or Flow Charts. Going right onto the third step, the process progresses to the activity of Tests of Design of Key Controls and involves, when required, Letters of Recommendations (LoR) regarding Design. Finally, Tests of Effectiveness of Key Controls is the last activity performed within the process of Assessment of ICFR. LoRs are also an output shown for this step. With arrows from top to bottom, the chart demonstrates that ongoing monitoring and risk management are performed at each step throughout the assessment process. Once the process of the Assessment of ICFR is fully completed, there is a resulting step described outside the box, at right. Reporting to the CS, CFO and Field Senior Management includes progress towards implementing PIC, results of the assessment of ICFR, and the state of audit readiness. Finally, an arrow showing an output from reporting, which is the Statement of Management Responsibility including ICFR labelling the signatures of the CS and CFO.