Date: October 2018
Program managers:
- Director General - Macroeconomic Accounts
- Director General - Education, Labour and Income Statistics
Reference to Personal Information Bank
In accordance with the Privacy Act, Statistics Canada is developing a new institutional personal information bank (PIB) to describe the individual financial transaction information Statistics Canada has obtained from public and private sector sources for the purposes of the Statistics Act, including but not limited to the following programs: Household Spending, Retail Sales, International Trade in Services, Financial and Wealth Accounts, Distributed Household Economic Accounts, Canadian Housing, and Income Statistics Programs.
Description of statistical activity
Statistics Canada obtains personal information from surveys and various administrative sources under the authority of the Statistics Act. More specifically, under Section 13 of the Statistics Act, Statistics Canada can require from third party organizations the disclosure of information that would assist Statistics Canada in fulfilling its mandate or that would aid in the completion or correction of that information. To that end, Statistics Canada will be acquiring individual payments and income history information from financial institutions. The acquisition of this information will reduce the burden of statistical enquiries on respondents and provide a lower-cost, higher frequency and comprehensive alternative to the more traditional survey-taking approach.
Statistics Canada will use the information for statistical purposes only, in support of its mandate, as required by the Statistics Act. Under no circumstances will the personal information obtained from financial institutions be used to perform credit, expenditure or income check on individual Canadians. The personal identifiers obtained from the Financial Institutions will be used to generate a statistical identifier for linkage purposes, or complete personal information that Statistics Canada has collected in the ordinary course of its operations.
The payments and income history information collected from financial institutions will be used to create a statistical database in support of various statistical programs in the economic and socio-economic fields, including but not limited to the Canadian Household Spending program National Economic Accounts and Income Statistics Divisions. To achieve its statistical objectives, Statistics Canada will integrate these data with other sources of information held by Statistics Canada once approval has been obtained in accordance with the Directive on Microdata Linkage. Statistics Canada will only make anonymized, aggregated statistical information on Canadian households publically available and as such, individuals will not be identifiable in any product disseminated to the public.
Reason for supplement
While the Generic Privacy Impact Assessment (PIA) addresses most of the privacy and security risks related to this statistical activity, this supplement describes the additional safeguards being implemented for collection, processing and use of payment and income history information due to the highly sensitive nature of this data.
The Generic PIA also presents and addresses the privacy principles and levels of potential risk, which apply to the collection and use of the payment and income history information.
Mitigation factors
This section defines the specific safeguards put in place for this activity at the various stages of the statistical business process including collection, processing, analysis and dissemination, in addition to the standard security measures, which apply to all confidential information collected by Statistics Canada. While regular procedures are already described in the Generic PIA, they are included here for a comprehensive record.
Collection
The information will be transmitted electronically to Statistics Canada using a secure file transfer protocol.
Storage
All Systems with access to any confidential information employs logical access controls at the device and network level. All Systems must have functional and current antivirus software. Network firewall and access rules are in place to prevent access by an employee who does not have work-related need to know. Network firewall rules are also in place such that no system processing any confidential information can be accessed at the network layer by a system outside of the secure area.
Processing
The identifiers and data files will be stored on its own unique, secure servers. The servers that will host that information will be housed in a secure location with access restricted to the designated individuals from the aforementioned programs as per each program's operational requirements provided they provide the necessary justification and obtain the approval from the responsible branch management. Furthermore, all access permissions are only applicable for a set duration of time and must be regularly renewed including justification and re-approval.
After initial processing, a statistical identifier will be generated by Statistics Canada to facilitate data integration. As per standard practice, following linkages with other sources of information, data will be stripped of identifiers such as name and address, to help to protect confidentiality.
Access
Access to any confidential data held by Statistics Canada is closely monitored. Financial information will be provided in separate files from the personal identifiers, further reducing any risk of breach of identifiable personal information. For information with personal identifiers, only a limited number of employees with work-related need will be allowed access.
Dissemination
The Statistics Act provides the legal basis for maintaining the confidentiality of personal and business information that Statistics Canada collects. Statistics Canada will not disclose confidential information to any third party, other than with the permission of the original data provider and the authorization from the Chief Statistician, as required by the Statistics Act.
Statistics Canada will publish only -non-identifiable, aggregated statistical information or anonymized public use microdata files as part of its general dissemination strategy.
Openness
A summary of the supplemental PIA will be publicly available on the Statistics Canada website as an addendum to the Generic PIA.
Conclusion
This assessment concludes that, with the existing Statistics Canada safeguards any remaining risks are such that Statistics Canada is prepared to accept and manage the risk.
Formal approval
This Supplement to the Generic Privacy Impact Assessment is approved by the Chief Statistician of Canada.
Anil Arora
Chief Statistician of Canada
Date: October 22, 2018