Publications Website Privacy Impact Assessment Summary
Introduction
Part of the mandate of the Public Works and Government Services Canada (PWGSC) – Consulting, Information and Shared Services Branch (CISSB) is to inform Canadians about the federal programs and services available to them. To assist in this mandate, CISSB – Publishing and Depository Services Program (PDS) has created a Web application to provide an integrated computerized solution for the management, publishing, promotion and sales of Government of Canada (GC) publications.
The Government of Canada Publications Web site is designed to leverage the publishing, marketing and cataloguing expertise of the PWGSC's Publishing and Depository Services Program to create "one-stop-shopping" for GC publications.
This web site supports other Government of Canada Primary Portals – the Canada Site, 1-800 O-Canada, and the Service Canada in-person centres – by providing e-access to bibliographical information, publication availability, distribution sources and ordering information.
Benefits
Visitors benefit from end-to-end services for searching, ordering, and purchasing Government of Canada publications.
Credit card purchasing activities are accomplished through the use of the Receiver General Buy Button (RGBB), a secure shared government service.
PDS employs external service providers to deliver its services such as shipping, warehousing and distribution services.
Information about the Crown Copyright and Licensing section and its activities is also made available on the Government of Canada Publications Web site. Visitors may request permission to reproduce, adapt, revise and/or translate any Government of Canada works by downloading the application form accessible from the web site in PDF format or by applying on-line using the web form. The web form provides a fast and easy way to fill out and submit requests for copyright clearance on Government of Canada works.
Report Objective
A privacy impact assessment (PIA) for this on-going initiative was conducted to determine if there were any privacy, confidentiality and security issues associated with the Government of Canada Publications Web site and its various components/interfaces, and if so, to make recommendations for their resolution or mitigation.
Description
For information on Government of Canada Publications, customers can send their questions or comments through the GC Publications Web site using the Contact Us form, or call PDS Customer Service directly. Personal information collected includes name, telephone number and e-mail address if the visitor wants to receive an answer.
Customers can purchase Government of Canada Publications through the GC Publications Web site in addition to traditional channels (i.e. mail, fax, and phone).
Only personal information needed for order fulfillment is requested from individuals.
Personal information collected by the web order form is the same information that PDS has been collecting via paper form, and is typical of personal information collected for order fulfillment. The personal information includes the individual's name, and either the individual's home or office contact details such as mailing address, e-mail address, fax number and telephone number.
Ordering from the Government of Canada Publications Web site is a matter of choice by the customer and, therefore, consent is inherent with that choice.
Customers who select to pay by credit card through the GC Publications Web site are directed to the Receiver General Buy Button (RGBB) Web interface. This secure Web interface collects and validates the customer's credit card information. If the credit card payment is accepted, the RGBB Web interface returns the authorization number for the payment.
The authorized credit card order is then submitted via an automated interface to the Inventory / Order / Sales management application for order fulfillment. The authorization number is stored in the Inventory / Order / Sales management application and used to process the payment.
The GC Publications Web application does not process, capture or store any credit card information.
Existing customers who have pre-established credit with PDS can charge their order on account through the GC Publications Web site. Such orders are automatically submitted to the Inventory / Order / Sales management application for order fulfilment. The customer's shipping data is then sent to the external warehouse.
At any time prior to confirming their online order/payment, customers have the option of canceling the transaction and can choose another channel such as mail, fax or telephone to submit their order.
Customers who select to pay by cheque or money order through the GC Publications Web site are instructed to print the completed order form and mail it along with their payment to Publishing and Depository Services Program.
Customers who prefer to use the paper-based order form can mail or fax their order to PDS Customer Service. Customers may also contact the Customer Service Desk directly to request publications of their choice. Faxes are received in a restricted access room.
RGBB also provides a Web console service where telephone, mail or FAX orders with credit card payments are authorized and captured. The authorization number returned from RGBB is recorded with the order. All correspondence received is secured in a locked cabinet with restricted access.
PDS discloses personal information in accordance with section 8(2)(a) of the Privacy Act, for the completion of inquiries and orders pertaining to GC Publications.
Financial transactions such as sales and account receivables are submitted to the departmental finance system. Customer information such as name, address, telephone number and E-Mail is also provided and stored in the departmental financial system for the purpose of adjustments and reconciliation, should the customer need to be contacted.
Visitors are informed of the purpose for which their personal information is being collected at every point of collection throughout the Publications website.
Occasionally, PDS promotes Government of Canada publications to subscribers to its mailing list. New customers as well as current ones are informed of the Government of Canada Publications mailing list for promotional material and have the opportunity to sign up to receive promotional material while they place an order.
Data Analysis
Table Summary
The Data Analysis table summarizes the different types of personal information collected or used during the various stages of the business process.

Personal Information elements by cluster | Collected by | Type of format (e.g. paper, electronic) | Purpose of collection | Used by or Disclosed to | Storage or retention site | Retention Schedule (Subject to LAC Document Mgmt review) |
---|---|---|---|---|---|---|
Call-back information (Name, title, phone number, comments) | Government Enquiry Services call centre<br>PDS Customer Services | Electronic (via e-mail or telephone)<br>Paper (faxes, mailings) | Call back | PDS Customer Services<br>PWGSC Finance | E-Mail server account<br>PDS Customer Services restricted access room and locked cabinets | 1 year<br>1 year |
Contact Information (Name, mailing address, shipping address, invoicing address, telephone) | Government Enquiry Services call centre<br>PDS Customer Services<br>Publications Website application | Electronic (via e-mail or telephone)<br>Paper (faxes, mailings)<br>Web (via Publications Website application) | GC publications orders fulfillment<br>GC publications promotions<br>Application for Crown Copyright Licencing<br>Updates to contact information from Client Centre function | PDS Customer Services<br>PWGSC Finance<br>GC Publications Warehouse<br>GC publications distributors (mailing lists)<br>CCL Officer<br>Other GC author department for CCL request | E-Mail server account<br>Axapta backend application database<br>PDS Customer Services restricted access room and locked cabinets<br>CCL backend application | 1 year<br>2 years after inactive<br>1 year<br>Indefinite |
Credit Card (Number, Expiry Date)<br>Entered manually via RGBB online console. | Government Enquiry Services call centre<br>PDS Customer Services | Telephone<br>Paper (faxes, mailings) | Payment for GC Publications orders | PDS Customer Services<br>RGBB for verification | PDS Customer Services restricted access room and locked cabinets | 1 year |
Email addresses | Government Enquiry Services call centre<br>PDS Customer Services<br>Publications Website Web application | Electronic (via e-mail or telephone)<br>Paper (faxes, mailings)<br>Web (via Publications Website application) | To respond to queries<br>To confirm GC publications order details to customer<br>To send notices | PDS Customer Services<br>CCL | E-mail box (server)<br>Axapta backend application database<br>CCL application | 1 year<br>2 years after inactive<br>Indefinite |
Payments (Name, address, payment details) | Government Enquiry Services call centre<br>PDS Customer Services<br>Publications Website Web application | Telephone<br>Paper (faxes, mailings)<br>Web (via Publications Website application) | For payment of GC Publications orders. | PDS Customer Services<br>PWGSC Finance | PDS Customer Services restricted access room and locked cabinets<br>Axapta backend application database | 1 year<br>5 years |
Privacy Risk Management
Privacy risks raised in the Publications Website Privacy Impact Assessment are the following (since many of the risks are currently under mitigation, a status is also reported):
Table Summary
The Privacy Risk Management table indicates the Privacy risks raised in the Privacy Impact Assessment (since risks are under mitigation a status is also reported).

Privacy Risk | Level | Status |
---|---|---|
Purpose for which Personal Information (PI) is collected has not been documented. | Low | Implementation completed in the 1st quarter 2008-09. |
Consent for secondary purpose not obtained. | Low | Secondary purpose identified at all collection points and a process to obtain consent has been developed. Implementation completed in the 1st quarter 2008-09. |
Lack of GC Publications specific data retention and disposal policies | Low | Records Disposition Authority (RDA) number is to be requested by PWGSC - CISSB for the branch.<br>PWGSC - CISSB to develop policy relating to the retention and disposal of PI. |
The adequacy of existing safeguards on personal information has not been systematically addressed | Low | System security procedures are scheduled to be developed in fiscal 2009-10. |
Update privacy notices on the GC Publications web sites to conform to Treasury Board of Canada Secretariat (TBS) standards on Privacy Notices Statements. | Low | Implementation completed in the 1st quarter 2008-09. |
Conclusion
This privacy impact assessment of the GC Publications Web application did not identify any privacy risks that cannot be managed using either current safeguards or others that have been specifically developed for the implementation of the system.
The GC Publications Web application poses few privacy risks to Canadians, all of which are considered to be low in severity as they relate mostly to process documentation.
These risks have been mitigated with the implementation of the recommendations in the Privacy Risk Management Plan.