Government of Canada Pension Modernization Project – Release 1.5 - Enhanced Case Management and Imaging

Introduction

This document summarizes the Privacy Impact Assessment (PIA) Report that the Government of Canada undertook to ensure that privacy was considered throughout the development and deployment of Release 1.5 of the Government of Canada Pension Modernization Project (GCPMP). The PIA Report concluded that personal information is involved in Release 1.5 with an overall risk rating of "medium". Implementation of the mitigation mechanisms described in the Privacy Risk Management Plan below will alleviate potential issues and concerns.

Background

Public Works and Government Services Canada (PWGSC) is the administrative authority for the disbursement of pay and pension services under the Department of Public Works and Government Services Act. PWGSC is responsible for the administration of pension plans for public servants governed under the Public Service Superannuation Act (PSSA), and for the administration of the respective pension plans for the Members of Parliament, Federal Judges, the Diplomatic Corps, and the Lieutenant Governors. The Department also provides pension services, on a cost recovery basis, to the military members of the Department of National Defence (DND).

The GCPMP has been established to develop and implement Information Technology solutions for the renewal of PWGSC pension administration systems and services. The GCPMP will provide a modern pension administration system through the phased adoption of commercial-off-the-shelf (COTS) software-based solutions.

Business Process

The business requirements for GCPMP Release 1.5 are focused on the automation and enhancement of service delivery to Clients. Release 1.5 consists of providing Public Service Pension Centre (PSPC) operations and other groups within Compensation Sector with enhanced case management capabilities and the addition of digitized images for all incoming documents received by mail and fax.

PSPC Agents include Pension Specialists, Client Inquiry, Pension Portability and Executive Services personnel. Unlike R1.0, where only half of the PSPC staff in Shediac were expected to access the system, Release 1.5 extends the Case Management capabilities to the rest of the PSPC operations, approximately 600 end users.

In Release 1.5, all incoming mail and faxes will now be received and digitized by the Cheques Redemption Control Directorate (CRCD) Imaging Facility located in Matane, Québec. Upon receipt of incoming hard copy mail or fax by the CRCD, an image of each document is captured. In addition to processing all incoming mail, Release 1.5 provides the capability to process requests received by electronic mail. An e-mail received from a Client will be automatically acknowledged by the system with an indication to the sender as to when an answer should be provided.

Personal Information Collected by GCPMP Release 1.5

The following data elements, which constitute personal information, are collected:

  • Personal Identifiers:
    • Personal Record Identifier (PRI);
    • Pension Number (PN);
    • Social Insurance Number (SIN) - in scanned documents only; and
    • Universal Unique Identifier (UUID) – for internal system use only.
  • Names: Last and first name of an individual and other variations of names such as name changes, maiden name, given name, etc.;
  • Dates: Date of birth, death, etc.;
  • Addresses: Mailing address, temporary address, out of country address, e-mail address, fax number, etc.;
  • Bank Information: Banking institution, transit number and account number; and
  • Payment Information: cheque number, payment amount and encashment date.

The new imaging functionality in Release 1.5 does not have an impact on the following processes: Consent for Disclosure; Safeguarding Personal Information; Accuracy; Openness; Individual's Access to PI; and Challenging Compliance.

Data from the existing Production Control File Location System (PCFLS) will be converted and brought into the Case Management application. No other legacy applications or databases are being discontinued during the operational period for Release 1.5.

Data Analysis

The data flow analysis section of the PIA Report identifies and traces personal information from the point of collection to the point where all copies of the information are disposed or permanently destroyed. Table 1 – Data Flow Analysis - documents the personal information involved in three GCPMP Release 1.5 business processes: "Manage Contacts", "Manage Correspondence" and "Manage Contributions and Receivables".

Table 1 - Data Flow Analysis

| Description | Collected by | Format | Purpose of Collection | Used by or Disclosed to | Storage or Retention Site |
|---|---|---|---|---|---|
| Name; Salutation; Home Address; E-mail Address; Phone Number; Fax number; Personal Reference Identifier; Pension Number; Date of Birth | Toll free numbers; CRM - Call Monitoring; Manage incoming correspondence; Legacy Annuitant/ Contributor Systems via SMIRS Bridge | Phone; IVR; TTY; Fax; E-mail | To manage client inquiries/ requests via PSPC Client Contact Centre | Active/Retired member; (Ex) spouses/ (Ex) partners of an Active/Retired member; Children of a Retired member; Family members of an Active/ Retired member; Power of Attorney/Lawyer | Pension System; Universal Client Management (UCM); Customer Relationship Management (CRM) |
| Document Image; Document; PRI/PN; Surname; Given Name; Address; Phone Number; E-mail Address | Cheque Redemption Control Directorate (CRCD); System generated; Agent or Pension Expert | Mail; Fax; E-mail; Image | To manage incoming and outgoing correspondence. | Active Member; Retired Member; Power of Attorney/Lawyer; Employer; External Stakeholder | CRCD Imaging System Database; CRCD Image Repository; Customer Relationship Management (CRM) |
| Cheques payments: Document Image, Name, Amount, Cheque Number, Bank Account Number, Transit Number, Financial Institution Number, Encashment Date. Department Remittance Information File for BPS: PRI/PN, Name, Amount, Possibly other personal data | Cheque Redemption Control Directorate (CRCD); Bill Payment Services (BPS) Contractor (National Bank of Canada) | Mail; Image | To handle receipt of contributions and other receivables. | Common Department Financial System (CDFS); Receiver General | CRCD Imaging System Database; CRCD Image Repository; Bill Payment Services Database |

Privacy Risk Management

Section 6 of the PIA Report identifies GCPMP Release 1.5 privacy risks and potential risk mitigation strategies. Table 2 – Risk Management Plan - below summarizes that information.

The Risk Management Plan provides a summary of the privacy risks, likelihood of occurrence and mitigation measures.

Table 2 - Risk Management Plan

| Element | Nature of risks | Level of risks | Proposed Mitigating Mechanisms |
|---|---|---|---|
| Potential Unauthorized Disclosure of Private Information | Inappropriate access; Disclosure of personal information to unauthorized persons | Low | Continue to provide training to Agents; Implement periodic audits of calls to monitor; Refresher training on privacy issues |
| Capturing Personal Identifier Data Over IVR (Integrated Voice Response) | Inappropriate access; Compromise of personal information to unauthorized persons | Low | PRI or SA is not related to or stored with a name in the IVR |
| Compliance with Privacy Act (ss. 5 (2)) for Privacy Statements | Inconsistent access to the Privacy Statement across all channels | Low | Callers are instructed to obtain the Privacy Statement via the existing website or to wait for an Agent; Develop a standard, generic Privacy Statement for all channels; Add a link in outgoing E-fax and E-mail messages to a web site with further information on PWGSC Privacy Policy |
| Documented Security Procedures | Inappropriate access; Compromise of personal information to unauthorized persons; Accountability | Low | Establish and document detailed security procedures for the collection, transmission, storage, and disposal of personal information |
| Audit Logs and Audit Trails | Inappropriate access; Compromise of personal information to unauthorized persons; Unauthorized changes to personal information | Medium | Define audit requirements; Design, develop and implement audit solution for all application software components |
| Safeguards to Protect Personal Information | Inappropriate access; Compromise of personal information to unauthorized persons; Unauthorized changes to personal information | Medium | Implement safeguards recommended through the Certification & Accreditation process; Continue to abide by conditions set out in Letter of Accreditation |

Conclusion

The highest privacy risk identified in the Privacy Risk Management Plan is evaluated as "medium". PWGSC has examined the impacts and has proposed appropriate mitigation strategies for the identified privacy risks associated with Release 1.5 of GCPMP.

Most notably, there is a need for audit requirements and additional safeguards to be implemented to protect personal information. Security activities are being conducted in parallel with the PIA in accordance with the Certification & Accreditation (C&A) process.

The proposed mitigating mechanisms for the identified privacy risks indicate a continued commitment by the Crown in ensuring the confidentiality and privacy of the personal information collected from individuals.