On-line Registration and Credential Administration (ORCA) - Release 1.0

Privacy Impact Assessment Summary

1. Introduction

In support of the Government of Canada's commitment to delivering on-line services across departments and agencies, the Information Technology Services Branch (ITSB) of Public Works and Government Services Canada is in the process of improving its Internal Credential Management (ICM) service. This mandatory shared service issues identity-based public key infrastructure (PKI) credentials to Government of Canada (GC) employees. Furthermore, ICM verifies and confirms the identity of the recipient before issuing the credential. The credential supports the secure exchange of information with the assurance that the parties involved are indeed who they say they are, and also features security elements such as authentication, access control, confidentiality, integrity and non-repudiation.

To date, identity-based PKI credentials have only been issued to users through processes involving a face-to-face meeting with a Local Registration Authority (LRA). As these manual processes are time-consuming and costly, the ICM Product Management team has identified the need to enhance its service to include an Online Registration and Credential Administration (ORCA) application. ORCA provides ICM users with the ability to create and manage their own identity-based PKI credential in an online session.

This Privacy Impact Assessment (PIA) is necessitated as a result of the identity verification method used by the ORCA application, which is dependent on subscribers (GC employees) providing their personal information, known as shared secrets (i.e. first name, last name, date of birth, personal record identifier (PRI), departmental e-mail address, and name of department).

2. Business Benefits

  • ORCA will reduce and potentially eliminate the current manual processes.
  • ORCA will facilitate the use of ICM services across the whole of the GC.
  • ORCA will promote the consolidation of other GC PKI certificate authorities with ICM.
  • ORCA will significantly reduce operational and support costs.
  • ORCA will increase the PKI business value for departments and agencies.

3. Data Analysis

The following table summarizes the types of personal information collected, processed and/or displayed to employees accessing the ORCA Website:

ORCA Release 1 Data Flow Table

| Personal information | Processed by | Used by | Purpose of use | Displayed to | Stored by |
|---|---|---|---|---|---|
| First Name | ORCA Website pages | ORCA Application | 1. To build a unique distinguished name. | Employee | 1. Part of the Lightweight Directory Access Protocol (LDAP) directory. 2. Part of the PKI credential. |
| Middle Initial | ORCA Website pages | ORCA Application | 1. To build a unique distinguished name. | Employee | Lightweight Directory Access Protocol (LDAP) directory. |
| Surname | ORCA Website pages | ORCA Application | 1. To verify an individual's identity. 2. To build a unique distinguished name. | Employee | 1. Part of the Lightweight Directory Access Protocol (LDAP) directory. 2. Part of the PKI credential. |
| E-mail Address | ORCA Website pages | ORCA Application | 1. To verify an individual's email domain. 2. To build a unique distinguished name. 3. To send user's Entrust Reference number used to create or recover the PKI credential. | Employee | 1. Part of the Lightweight Directory Access Protocol (LDAP) directory. 2. Part of the PKI credential. |
| Confirm E-mail Address | ORCA Website pages | ORCA Application | To verify e-mail was typed accurately on the ORCA website. | Employee | Not stored. |
| Personal Record Identifier | ORCA Website pages | ORCA Application | To verify an individual's identity. | Employee | Master Directory LDAP entry (hashed). |
| Date of Birth | ORCA Website pages | ORCA Application | To verify an individual's identity. | Employee | Not stored. |

4. Privacy Risk Management

The Privacy Risk Management Plan summarizes specific privacy issues and risks identified through the assessment process. Mitigating measures to reduce or eliminate these risks have been identified and implemented.

There are no unresolved risks that might jeopardize the privacy of individual employee users; however, one outstanding privacy concern was identified in the ORCA Release 1.0 PIA. The associated risk and mitigation strategy are summarized below.

4.1. Privacy Act: Principle 5 – Retention

4.1.1. Privacy Risk

The timeframe for PWGSC to destroy the personal data that ORCA Release 1.0 collects and uses has not yet been determined.

ORCA Release 1.0 may not comply with Library & Archives Canada's retention and disposal guidelines, and the Library & Archives of Canada Act, when it retains personal information it collects and uses beyond the 2-year minimum requirement (as specified by the Privacy Act's Privacy Regulations). This may result in a low level of risk, as the personal information in ORCA may be maintained for a longer period of time than required.

4.1.2. Privacy Risk Mitigation

PWGSC is in the process of establishing records retention guidelines, and acquiring a Records Deposition Authority (RDA) number for the GC PKI Certificates PIB (PWGSC PCU 606). Any information that ORCA collects and uses will not be destroyed until these initiatives are completed.

5. Communication Plan

Communication tools will be created to educate and inform client departments of the launch of ORCA Release 1.0. The intent is to create a variety of communications documents to generate awareness within departments of the importance of using the ICM service and of how ORCA facilitates its use. The communications will be in the form of communiqués via e-mail, information kits, and factsheets / Frequently Asked Questions (FAQs) contained on the ICM website. These communications will include clear and concise key messages to inform departments about the benefits of using the ICM service and to set expectations for the ORCA enhancement.

6. Conclusion

Federal Government departments and their employees can rest assured that the ORCA Release 1.0 enhancement to the ICM service does not pose any significant privacy risks to personal information. Important security measures are being implemented into the design of the service, and as per IT security risk management processes, the ORCA service will be certified and accredited prior to implementation.