Government of Canada Pension Modernization Project - Release 1.0

Privacy Impact Assessment

Public Summary

Introduction

The Government of Canada (GC) Privacy Impact Assessment (PIA) Policy requires the publication of a summary outlining the results of a Privacy Impact Assessment. This requirement is considered desirable to demonstrate that privacy considerations were examined in the planning of a project.

The framework used in the preparation of this summary conveys a concise yet detailed description of the business process as well as indicating the identified privacy risks and recommendations for risk mitigation. Certain aspects of the business model description are omitted in order to avoid any compromise of security.

This document summarizes the Privacy Impact Assessment that the Government of Canada undertook to ensure that privacy was considered throughout the development and deployment of Release 1.0 of the Pension Modernization Project (PenMod). The PIA concluded that some personal information is involved in Release 1.0.

The privacy risks identified in the Privacy Impact Assessment of Release 1.0 PenMod are rated "Low" in severity. Implementation of the mitigation mechanisms described in the Privacy Risk Management Plan below will alleviate these concerns.

Background

Public Works and Government Services Canada (PWGSC) is the administrative authority for the disbursement of pay and pension services under the Department of Public Works and Government Services Act. PWGSC is responsible for the administration of pension plans for public servants governed under the Public Service Superannuation Act (PSSA), and for the administration of the respective pension plans for the Members of Parliament, Federal Judges, the Diplomatic Corps, and the Lieutenant Governors. The Department also provides pension services, on a cost recovery basis, to the military members of the Department of National Defence (DND).

The Government of Canada Pension Modernization Project (GCPMP) has been established to develop and implement both the business transformation and Information Technology solutions for the renewal of PWGSC pension administration systems and services. The GCPMP will provide a modern pension administration infrastructure through the phased adoption of commercial-off-the-shelf (COTS) software based solutions for both core pension administration and Customer Relationship Management (CRM). The transition to the COTS software based solution will be carried out in concert with a careful plan to transform the pension administration business organization, functions and processes.

Business Process

The business requirements for PenMod Release 1.0 are focused on the delivery of Customer Relationship Management (CRM) and Case Management tools for SPTCSS Pension Experts in Shediac, New Brunswick. This includes a call center application to handle incoming calls from Clients, a training module, and an identity management component for user authentication and access control.

Agents include SPTCSS Pension Specialists, Client Inquiry, Pension Portability and Executive Services personnel. Approximately half of the staff working in the Client Contact Centre are expected to access and use the R1.0 system.

Clients can be Annuitants (retired members), Contributors (active members), and Employers. There are approximately 250,000 Contributors, and approximately 270,000 Annuitants. Employers are federal government departments and Crown agencies.

The Client will call a 1-800 number with an inquiry or request. There are three categories of 1-800 numbers available for clients to call: an Executive Services number, a general Superannuation number, and an Employer number. Calls received through the Executive number and Teletype (TTY) calls received through the general Superannuation number will be routed directly to a Pension Expert.

General inquiries on the Superannuation number will be routed via an Interactive Voice Response system to an Agent based on availability and skill set. Employer calls will be supported in a future release.

During 2004/2005, 144,750 calls were made to the English and French General 1-800 service numbers by Clients. The number of calls grew in 2006/2007 and is expected to double due to the centralization of additional services to SPTCSS.

Personal information collected by PenMod Release 1.0

The following data elements, which constitute personal information, are affected:

  • Personal Identifiers: A caller will be required to enter their PRI number (active member) or SA number (retired) into the IVR system to allow for call routing.
  • Names: The Agents will be required to verify the caller's identity once the call has been routed. This verification may include the following elements: case number, last and first name of an individual (or other variations of names), PRI number, SA number, relationship, address, phone number, email address.

With Release 1.0, the new functionality will not affect the way personal information is currently being handled or processed. No legacy applications or databases are being discontinued during the operational period for Release 1.0.

Data Analysis

The data flow analysis section of the Privacy Impact Assessment identifies and traces personal information from the point of collection to the point where all copies of the information are destroyed or permanently destroyed. The table below represents the personal information involved in the two PenMod Release 1.0 business processes: "Manage Contacts" and "Manage Correspondence".
Row 1

  • Description of Personal Information Element: Name; PRI; Relationship; Address; Phone Number; Email Address
  • Collected by: Interactive Voice Response (IVR); Call Monitoring; Legacy Annuitant/Contributor systems
  • Type of format (e.g. paper, electronic): Phone; Digital; Electronic
  • Used by or Disclosed to: Client Inquiry; Executive Services; Pension Portability; Contributor/Annuitant; Power of Attorneys/Lawyers
  • Purpose of Collection: Manage client inquiries/phone requests by Client Contact Centre
  • Storage or Retention Site: Pension System; Universal Client Management (UCM); Customer Relationship Management (CRM); IVR system data store

Row 2

  • Description of Personal Information Element: Name; Address; Form Letter; Details
  • Collected by: System generated correspondence printed in a centralized area in SPTCSS or locally for an Agent to complete prior to mailing
  • Type of format (e.g. paper, electronic): Paper
  • Used by or Disclosed to: Print Fulfillment Operator; Agent; Management; Employers (Footnote 1); External Stakeholders (Footnote 2)
  • Purpose of Collection: Manage outgoing mail
  • Storage or Retention Site: Annuitant/Contributor Legacy Systems; Pension System; UCM

Privacy Risk Management

Section 6 of the Privacy Impact Assessment identifies PenMod Release 1.0 privacy risks and potential risk mitigation strategies. The table below summarizes that information:

Row 1

  • Element: Potential Unauthorized Disclosure of Private Information
  • Nature of risks: Inappropriate access; Disclosure of personal information to unauthorized persons
  • Level of risks: Low
  • Proposed Mitigating Mechanisms: Continue to provide training to Agents; Implement periodic audits of calls to monitor; Refresher training on privacy issues

Row 2

  • Element: Capturing Personal Identifier Data Over IVR
  • Nature of risks: Inappropriate access; Compromise of personal information to unauthorized persons
  • Level of risks: Low
  • Proposed Mitigating Mechanisms: PRI or SA is not related to or stored with a name in the IVR

Row 3

  • Element: Compliance with Privacy Act (section 5 (2))
  • Nature of risks: The new telephony services may not provide callers with consistent access to the Privacy Policy and Statement for pension services
  • Level of risks: Low
  • Proposed Mitigating Mechanisms: Callers will be instructed to obtain the Privacy Statement either via the existing website or to wait for an Agent; Develop a standard, generic Privacy Statement for all channels

Conclusion

The privacy risks identified in the Privacy Risk Management Plan are evaluated as "Low" in severity. PWGSC has examined the impacts and has proposed appropriate mitigation strategies for the identified privacy risks associated with Release 1.0 of PenMod.

Most notably, the use of the IVR highlighted a concern about the entry of a PRI or SA number. The IVR system merely uses these numbers to direct the call and not to display any specific information on the Agent's screen. Agent scripts will prompt the Agent to collect identification information from the caller and authenticate the caller using data held in legacy systems.

The proposed mitigating mechanisms for the identified privacy risks indicate a continued commitment by the Crown in ensuring the confidentiality and privacy of the personal information collected from individuals.

Footnotes

Footnote 1

Employers currently play an integral role in the delivery of pension services.


Footnote 2

Canada Revenue Agency (CRA), Canada Pension Plan/Human Resources and Skills Development Canada (CPP/HRSDC), Quebec Pension Plan (QPP), Revenue Quebec, Treasury Board, House of Commons, Office of the Superintendent of Financial Institutions (OSFI), Auditor General, Bank of Canada (Canada Savings Bonds), Canadian Payments Association (via Direct Deposit Interface System (DDIS)), Royal Canadian Mounted Police (RCMP), British Columbia (BC) Medicare, Quebec Blue Cross, SunLife, non-RPS Separate Employers and Crown Corporations, United Way, Federated Superannuates National Association (FSNA).
