Introduction
The Human Resources (HR) Analytics Management Dashboard was developed in order to modernize HR service delivery and to make the management of workforce information more efficient. The new dashboard will consolidate the information currently stored on multiple HR tools into one application which will simplify the use and manipulation of the information.
Objective
A privacy impact assessment of the Human Resources Analytics Management Dashboard was conducted to determine if there were any privacy, confidentiality and security issues and, if so, to make recommendations for their resolution or mitigation.
Description
The Human Resources Analytics Management Dashboard will consolidate the information found on multiple existing HR tools. Currently, using other HR tools, reports and spreadsheets are duplicated requiring access to multiple databases and applications, which is confusing to the user. The dashboard will create a common set of reports and analysis, making the user-experience easier.
No new personal information will be collected. The personal information contained in the application includes only information that has already been provided by the employee at the start of employment or reflects updates made throughout employment including information relating to workforce, assignments, actings, leave without pay, lists of employees scheduled to go on leave and employees scheduled to return from leave, retirement eligibility, separations, sick leave, training and second language.
Access to the Human Resources Analytics Management Dashboard will be restricted to managers (assistant directors and above), HR practitioners, field portfolio managers and financial management advisors.
Risk Area Identification and Categorization
The PIA also identifies the risk areas and categorizes the level of potential risk (level 1 representing the lowest level of potential risk and level 4, the highest) associated with the collection and use of personal information of employees.
- Type of program or activity – Level 2: Administration of program or activity and services.
- Type of personal information involved and context – Level 1: Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program.
- Program or activity partners and private sector involvement – Level 1: Within the institution (among one or more programs within the same institution).
- Duration of the program or activity – Level 3: Long-term program or activity.
- Program population – Level 2: The program's use of personal information for internal administrative purposes affects all employees.
- Personal information transmission – Level 2: The personal information is used in a system that has connections to at least one other system.
- Technology and privacy: The Dashboard involves the implementation of a new electronic system to support the program but does not involve the implementation of new technologies.
- Privacy breach: There is a very low risk of a breach of some of the personal information being disclosed without proper authorization.
Conclusion
This privacy impact assessment did not identify any privacy risks that cannot be managed using existing safeguards.