Controlled Goods Program's Enhanced Security Strategy
SECTION I - OVERVIEW AND PRIVACY IMPACT ASSESSMENT (PIA) INITIATION
Government Institution
Public Works and Government Services Canada (PWGSC)
Government Official Responsible for the Privacy Impact Assessment
Simona Wambera
Director, Controlled Goods Program
Delegate for section 10 of the Privacy Act
Rachelle Delage
A/Manager, Access to Information and Privacy
Name of Program or Activity of the Government Institution
Controlled Goods Program's Enhanced Security Strategy (ESS)
Description of Program or Activity
Specialized Programs & Services
This program activity provides federal organizational with high quality, timely and accessible specialized services and programs to federal institutions in support of sound, prudent and ethical management and operations.
Industrial Security Program
This program sub-activity supports the Government's obligations to protect sensitive and classified information entrusted to the private sector through government contracts awarded by PWGSC and to safeguards controlled goods within Canada from unauthorized possession, examination and/or transfer. This program is the government's primary service provider for the delivery of contract security and controlled goods activities. It also supports Canada's economic growth by ensuring security in government contracts and enabling Canadian industry to access classified and sensitive domestic and international opportunities.
Description of the class of records associated with the program or activity
Description: Information on all persons registered or exempted from registration (i.e.: visitors and temporary workers) examining, possessing, or transferring controlled goods in Canada. Personal information may include: name, contact information, other identification number (e.g. registration number); biographical information, date of birth, gender; information on criminal history, fingerprints provided by Royal Canadian Mounted Police (RCMP); information on type of business; expiry date; and, certification.
Document Types: Agreement and exchanges (information between PWGSC and other government agencies); registrations (also include renewals and amendments); security assessments and or checks; application for exemption; and consent to use a Government of Canada security clearance.
Class of Record Number: PWGSC Consulting, Information and Shared Services Branch (CISSB) 455
Note: A new Class of Record is pending review and approval (PWGSC CISSB 455)
Note: A Class of Record will be reviewed as the Industrial Security Sector was transferred from CISSB to the Departmental Oversight Branch (DOB) effective August 15, 2011.
Proposal for a New Personal Information Bank
Proposal to modify an existing Personal Information Bank (PIB) - identify PIB registration number and current description:
Amendments to PIB PWGSC Particular Bank (General Public) (PPU) 045 were recently approved by Treasury Board Secretariat (TBS) and the following represents what is to appear in Info Source 2011:
Controlled Goods Program (CGP)
Description: Under the authority of the Defence Production Act (DPA) and of the Controlled Goods Regulations (CGR), the program is mandated to conduct a security assessment, the extent to which the person poses a risk of transferring controlled goods to someone who is not registered or exempt.
This bank describes information on any persons, applying for registration, amendment or exemption, registered, exempt, denied, suspended or revoked, examining, possessing, or transferring controlled goods in Canada.
Personal information may include: name, contact information, telephone number; biographical information, biometric information (fingerprints), place and date of birth, citizenship, information on criminal history, education, travel, and current and former employment.
Class of Individuals: Individuals conducting business in Canada as defined by s. 2 of the CGR, who apply for registration or submit exemption request to lawfully examine, possess or transfer controlled goods in Canada (s. 37 of the DPA). Individuals may include sole proprietors, part-owners, directors, officers, Designated Officials within companies as per CGR s. 10(d), as well as visitors, and temporary workers defined in s. 1 for exemption under s. 17.
Purpose: Prior to any examining, possessing, or transferring controlled goods in Canada, individuals must be assessed against security risks and be registered or exempted from registration per DPA and Controlled Goods Regulations (CGR). Based on the personal information obtained from the applicant, an evaluation of the risk of transferring controlled goods by the applicant to someone who is not registered or exempt is made and registration or exemption is either granted or denied. The information is also reviewed on the basis of a security assessment to deny, suspend, amend or revoke existing registration or exemption.
The name and contact information maybe used or disclosed for corresponding with registrants or validation in a search capacity on the Controlled Goods program website.
Consistent Uses: The Controlled Goods Program may share information with other federal institutions to assist in evaluating the risk of persons, wishing to register in the program, transferring controlled goods to persons who are not registered or exempt. As the Department of National Defense has chief interest in the DPA, CGP may exchange personal information described in the related Department of National Defense (DND) PIB, DND Particular Banks (Employees) (PPE) 835.
For the purpose of verifying individuals and companies they represent possess the required import and export permits as well as authority identified on the Department of Foreign Affairs and International Trade (DFAIT) Export Control List used to determine the list of controlled goods, some data is shared with DFAIT.
For the purpose of validating and assessing the risk of illegal transfers of importers and exporters and to validate the risk of illegal transfer of controlled goods by foreign visitors and temporary workers, data may be exchanged with Canada Border Services Agency (CBSA) PIB CBSA PPU 016, Security Intelligence Analysis Division (SIAD) Reports are shared with the Canadian Security Intelligence Services in PIB Canadian Security Intelligence Service (CSIS) PPU 016.
For the purposes of s. 30 of the DPA, information may be shared with other government departments, or any person authorized by a government department, requiring the information for the discharge of the functions of that department.
For the purpose of conducting investigations under the DPA, or any other offences against a Canadian law that requires this information, GGP may share with the RCMP PPU 005 or National Defence, DND PPE 835.
Retention and Disposal Standards: Under development. Operational files are retained by Controlled Goods Directorate until an RDA is approved.
RDA Number: Under development.
Related to Program Number: PWGSC CISSB 455
TBS Registration: 005093
Bank Number: PWGSC PPU 045
Legal Authority for Program or Activity:
Defence Production Act, sections 38 and 39.1
Controlled Goods Regulations, sections 15, 18, and 19
Summary of the project / initiative / change:
A Threat Assessment was performed on the CGP to determine the security gaps in the program in a post 9/11 environment. In addition, the CGD performed a risk assessment of the business processes and practices of the CGD. In total, these assessments provide overwhelming evidence that the CGD needs significant security enhancements to enhance the security posture of the CGP in a post 9/11 environment.
To support the recommendations of the Threat Assessment and address internal risks identified, the CGD developed the Enhanced Security Strategy (ESS) to not only address the security gaps, but to streamline business processes and better educate registrants in doing their part to protect controlled goods. In the end these threat and risk assessments identified four key risk indicators wherein the CGD was lacking sufficient robust processes and procedures:
- Criminal History
- Financial
- Travel (frequency and duration)
- Significant and Meaningful Associations
The changes as a result of the ESS will require an enhanced security assessment procedure which will include the following changes:
- Criminal History Check: CGD will require all Designated Officials (DOs) to be fingerprinted. The CGD prefers fingerprints for all employees but industry expressed concerns about the costs and administrative burden that would come from mandatory fingerprints. What the program desires most is unique identification; to ensure that all criminal history information is being taken into consideration during a security assessment. However, to quell the concerns from industry, the ESS will begin with a requirement that fingerprints are not mandatory as long as the Designated Official takes mandatory steps to ensure unique identification. A Criminal Records Name Check (CRNC) will continue to be allowed as long as these identity verification steps are taken and that a check with CPIC is performed. The CGD will monitor this strategy in the coming months and years to determine its necessity to continue. It is possible that the CGD will require fingerprints from all individuals accessing controlled goods.
- Credit Checks: For cause, some individuals will be required to undergo a credit report to address honesty, reliability, and other security risk indicators.
- Risk Assessment: DOs will be required to document a risk assessment Level for each individual. Based on that risk assessment, individuals may be required to undergo additional checks to determine the risk they pose to the unauthorized transfer of controlled goods. These additional checks will be performed by CGD as they will require personal information to be shared to other government departments and agencies, which will use it to query particular intelligence and criminal databases. The risk assessment performed by CGD (on DOs, owners, Authorized Individuals, temporary workers, and visitors) and DOs (on officers, directors, and employees) must abide by the risk assessment guide (see Appendix D). All risk assessments will undergo a quality control review process by CGD.
- List of Persons Accessing Controlled Goods: All DOs will provide the CGD with limited personal information on all individuals allowed to have access to controlled goods.
- Students: The CGD will be notifying registrants that students, both foreign and domestic, are to be security assessed in the same manner as employees (domestic students) and temporary workers (foreign students).
- Amended Security Assessment Application: To assist in performing a risk assessment, the CGD has amended its security assessment application to ensure that it is addressing all of the four risk indicators identified in the TA and internal risk assessment. The amended security assessment application (SAA) has been reviewed by Department of Justice's Information Law and Privacy (ILAP) lawyers.
In addition to enhancing the security assessment procedures used by CGD and DOs, the CGD will be augmenting the services provided to its registrants by creating a Program Management and Learning Unit. This unit will create internal and external curriculum to ensure that both the CGD and the DO are performing their duties as required. Moreover, this unit will stress the need for individual privacy, including the DOs obligation to safeguard the personal information of their employees.
When the DO or a CGD analyst determines an individual's risk of unauthorized transfer of controlled goods exceeds a risk threshold (provided by the CGD), a quality assurance process will be mandatory before any additional checks are performed. If the quality control process determines that the risk assessment was correct, for all Level 3 and some Level 2 risk assessments, the CGD will send personal information to CSIS and the RCMP for checks with their intelligence databases. The query results will be analyzed by CGD analysts. The response from CGD will not include the further disclosure of information maintained by CSIS or the RCMP, but a confirmation or denial of the risk assessment initially made by the DO. It is the DOs responsibility, as outlined in the CGR, to make the final determination as to whether the individual poses a high risk of unauthorized transfer of controlled goods.
The queries to the RCMP and CSIS are governed by Memoranda of Understandings (MOU). For the RCMP, the MOU will become effective on April 1, 2012, while a Letter of Interest (LOI) has been signed that will govern the information sharing from October 1, 2011 through March 31, 2012.
The CGD has the authority under the CGR and DPA to suspend, deny, or revoke the registration of a company. If a DO were to permit a high risk individual access to controlled goods, the CGD may utilize this authority to restrict the company's access to controlled goods.
The ESS not only addresses the threats and risks identified, but it also allows Canadian industry to remain compliant with the U.s. International Trafficking in Arms Regulations (ITAR). The ramifications of the ESS to the U.s. ITAR is explained in detail in Appendix A
SECTION II - RISK AREA IDENTIFICATION AND CATEGORIZATION
Table Summary
Table A provides a description of the privacy risks associated to the type of program or activity for which the PIA is describing the Controlled Goods Program. Table A describes four categories of related privacy risks with a corresponding privacy risk score of 1, 2, 3, and 4. Table A also includes a narrative section describing the nature of the privacy risks and justification for the privacy risk assessment and risk score.A: Type of Program or Activity | Level of Risk to Privacy |
---|---|
Program or activity that does NOT involve a decision about an identifiable individual | 1 |
Administration of Programs / Activity and Services | 2 |
Compliance / Regulatory investigations and enforcement | 3 |
Criminal investigation and enforcement / National Security | 4 |
Details: The decisions made by the CGD in reference to Designated Officials, owners (20% or more voting shares), authorized individuals, visitors, and temporary workers (which includes foreign students) are a "determination". The CGD will collect all information, including intelligence database information from the RCMP and CSIS, and make a determination that these individuals are not permitted access to controlled goods or the company is not permitted to be registered in the program. However, CGD cannot issue a "determination" on employees that are security assessed by the DO. The Controlled Goods Regulations are not worded in such a fashion that provides the CGD with the authority to make a determination. Therefore, the CGDs response to a DO's high risk referral will either affirm the DO's risk assessment, or state that the CGDs analysis contradicts the DO's risk assessment.
The CGD can deny, suspend, or revoke a company's registration in the program if the risk associated with a particular individual being allowed access to controlled goods is permitted.
The CGD has the authority to refer cases to the RCMP for investigation and potential prosecution, but it most often relates to companies (or sole proprietors) who appear to be in violation of section 37 of the Defence Production Act by possessing, examining, or transferring controlled goods to a person who is not registered in the CGP. However, for the purposes of the amended security assessment application it will likely never result in a referral to the RCMP for investigation/prosecution of the individual. The end result is a determination to deny registration in the CGP, a determination to not allow access to controlled goods, or an affirmation/contradiction to the DO regarding the risk assessment of a particular employee's access to controlled goods. There does not appear to be a scenario wherein the CGD would foresee a security assessment resulting in referral to the RCMP for investigation/prosecution purposes.
Table Summary
Table B provides a description of the privacy risks associated to the types of personal information involved and its context. Table B describes four categories of related privacy risks and a corresponding privacy risk score of 1, 2, 3, and 4. Table B also includes a narrative section describing the nature of the privacy risks and justification for the privacy risk assessment and risk score.B: Type of Personal Information Involved and Context | Level of Risk to Privacy |
---|---|
Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. | 1 |
Personal information, with no contextual sensitivities after the time of collection, provided by the individual with consent to also use personal information held by another source | 2 |
Social Insurance Number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual. | 3 |
Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive. | 4 |
Details: In addition to collecting criminal history information and intelligence information from the RCMP and CSIS, the amended SAA contains personal information that is directly linked to the four key risk indicators that have been developed after the Threat Assessment and internal risk assessment. The amended SAA contains information on the individual's demographics, travel history, financial status, criminal history, residential and employment history, and personal references that are called to assess the veracity of the individual's statements and assist in assessing for the risk of unauthorized transfer of controlled goods. The amended SAA also includes a risk statement section (Part N), which includes a number of personal risk statements to which the individual will respond "Yes" or "No". For some "Yes" answers, details are required. Part N may result in a great deal of personal information that could be considered very sensitive. Moreover, information obtained from the RCMP and CSIS may be very sensitive regarding allegations or suspicions. For these reasons, the risk is 4.
Table Summary
Table C provides a description of the privacy risks associated to any partners involved in the collection, use, or disclosure of personal information, including any private sector involvement. Table C describes four categories of related privacy risks and a corresponding privacy risk score of 1, 2, 3, and 4. Table C also includes a narrative section describing the nature of the privacy risks and justification for the privacy risk assessment and risk score.C: Program or Activity Partners and Private Sector Involvement | Level of Risk to Privacy |
---|---|
Within the institution (amongst one or more programs within the same institution) | 1 |
With other federal institutions | 2 |
With other or a combination of federal/ provincial and/or municipal government(s) | 3 |
Private sector organizations or international organizations or foreign governments | 4 |
Details: To determine an individual's risk of unauthorized transfer of controlled goods and potential ties to organized crime, terrorist organizations, or similar concerns, queries of some individuals will be performed with the RCMP and CSIS. As the ESS continues to develop, the CGD may enter into other Memoranda of Understanding (MOUs) with other government departments (OGDs) if it is determined that information held by that OGD will assist the CGD in providing a more thorough assessment of an individual's risk of unauthorized transfer of controlled goods.
In addition, Designated Officials are responsible for the initial risk assessment of their employees. For all Level 2 risks (Moderate), the DO must make a determination based on the information provided if additional checks are required. A guideline is provided. While some Level 2 risks may warrant additional checks, others may not. Assigning a definitive guideline to fit all employees is not practical and would result in unwarranted checks or a failure to obtain checks on individual's who should have additional checks performed. Therefore, the CGD has determined that allowing the Designated Official with the responsibility to provide an objective assessment of information on all Level 2 risks was appropriate, as long as there was justification to support the DO's decision to not divert the individuals for additional checks, as well as justification to support why the DO decided to divert files to the CGD for additional checks. These justifications are required to be recorded in the security assessment file. The CGD will perform quality assurance on all files sent to the CGD for additional checks to determine if an appropriate assessment was made by the DO. Likewise, CGD inspectors will perform checks on Level 2 security assessments wherein the DO decided not to divert the file to CGD for additional checks.
In some cases, the DO will have to obtain a credit report which may require personal information to be shared with a credit bureau agency.
The DOs may use the services of a 3rd party service provider in submitting fingerprints or Criminal Records Name Check (CRNC) requests to the RCMP for a criminal records check.
Information may also be obtained from the U.s. Directorate of Defense Trade Controls (DDTC); however, this information will likely be limited to times when the CGD has reason to believe that an individual or company have violated the CGR, DPA, or other Act of Parliament.
Because the DO has these responsibilities, the risk is determined as 4.
Table Summary
Table D provides a description of the duration of the program or activity described in the Privacy Impact Assessment the Controlled Goods Program. Table D describes three categories of duration and a corresponding privacy risk score of 1, 2, and 3. Table D also includes a narrative section describing the nature of the privacy risks and justification for the privacy risk assessment and risk score.D: Duration of the Program or Activity | Level of Risk to Privacy |
---|---|
One time program or activity | 1 |
Shortterm program | 2 |
Long-term program | 3 |
Details: The ESS is designed to address security gaps that are present within the CGP; therefore, once it begins in October, 2011, it is considered to be a permanent solution. However, the CGD has informed industry and government stakeholders that during the 3 year phased-in rollout of the ESS, various aspects of the strategy may change based on such factors as impact on industry, security gaps not appropriately addressed, and the need to streamline ESS processes/procedures. If any of these modifications are deemed to be significant, an amendment to this PIA will be authored. One aspect that is being assessed for change over the initial stages of the ESS is the continued use of CRNC versus mandatory fingerprints. The CGD will assess the success of that strategy to determine if mandatory fingerprints is necessary for all individuals accessing controlled goods.
Table Summary
Table E provides a description of the privacy risks associated to the population affected by the program described in the Privacy Impact Assessment the Controlled Goods Program. Table E describes four categories of related privacy risks and a corresponding privacy risk score of 1, 2, 3, and 4. Table E also includes a narrative section describing the nature of the privacy risks and justification for the privacy risk assessment and risk score.E: Program Population | Level of Risk to Privacy |
---|---|
The program affects certain employees for internal administrative purposes. | 1 |
The program affects all employees for internal administrative purposes. | 2 |
The program affects certain individuals for external administrative purposes. | 3 |
The program affects all individuals for external administrative purposes. | 4 |
Details: Any company (including sole proprietors) desiring registration in the program and employees of applying/registered companies must be security assessed before they are permitted access to controlled goods. The decisions made by the CGD and DOs are restricted to those individuals who require access and consent to a security assessment, as required by the Controlled Goods Regulations.
Table Summary
Table F provides a description of the privacy risks associated to the use of technology. Table F lists 3 questions with question #3 being a three part question. For each of the five questions asked there is a corresponding answer in the form of a yes or no check box. Table F also provides a narrative section for all three parts of question #3 describing the specifics associated to the answer of yes or no.F: Technology and Privacy | Yes / No |
---|---|
1. Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information? | Yes No |
2. Does the new or modified program or activity require any modifications to IT legacy systems and / or services? | Yes No |
3. Does the new or modified program or activity involve the implementation of one or more of the following technologies: | |
3.1 Enhanced identification methods Please specify: |
Yes No |
3.2 Use of Surveillance: Please specify: |
Yes No |
3.3 Use of automated personal information analysis, personal information matching and knowledge discovery techniques: Please specify: DO's will perform personal information matching if they employ the use of CRNC to determine employees' criminal history. If an individual is determined to require additional checks with the RCMP or CSIS (high risk), their personal information will be provided to these entities so that a query can be performed in their intelligence databases. Both the RCMP and CSIS will ensure that the accuracy of the information is verified before any results are provided to the CGD. If the accuracy of the information is called into question, these entities will either withhold the information or will provide the caveat that they are unsure if the results are accurate. The CGD will collect copies of fingerprints from individuals (through the DO) and collect fingerprints results from the RCMP. All fingerprint queries, and CRNC checks are the responsibility of the DO. The CGD will not submit fingerprints or names to the RCMP unless it has determined that a criminal history report (CPIC result) appears to be a forged document or has been tampered with. |
Yes No |
A YES response to any of the above indicates the potential for privacy concerns and risks that will need to be considered and if necessary mitigated.
Table Summary
Table G provides a description of the privacy risks associated to the information technology transmission of personal information. Table G describes four categories of related privacy risks and a corresponding privacy risk score of 1, 2, 3, and 4. Table G also includes a narrative section describing the nature of the privacy risks and justification for the privacy risk assessment and risk score.G: Personal Information Transmission | Level of Risk to Privacy |
---|---|
The personal information is used within a closed system. | 1 |
The personal information is used in system that has connections to at least one other system. | 2 |
The personal information is transferred to a porTable device or is printed | 3 |
The personal information is transmitted using wireless technologies. | 4 |
Details: Information on the amended SAA is submitted by industry to the CGD via mail or fax. If any personal information matching is performed with the RCMP it is done via encryption methods that meet RCMP standards for the electronic transmission of Protected B information. If for some reason, the information the RCMP would provide is Secret information, the CGD would obtain the information personally from the RCMP.
The ESS also calls for a new database and portal that will allow for the transmission of the information to be done electronically. However, a new information management system is only in the early planning stages.
Information from CSIS will either be performed in-person or through the use of government approved electronic transmission protocol that is designed to handle Secret and Top Secret information. Currently, the CGD is not equipped with this system but is seeking funding for its construction and implementation. In the interim, one of two solutions will be instituted:
- PWGSC Corporate Security maintains the appropriate system and often accepts transmissions on behalf of the CGD. It is possible that a CGD employee could be assigned to Place du Portage to address these transmissions; or
- In-person transfer of requests and responses.
Table Summary
Table H provides a description of the privacy risk impact to an individual or employee. Table H describes four categories of related harm/privacy risks and a corresponding privacy risk score of 1, 2, 3, and 4. Table H also includes a narrative section describing the nature of the privacy risks and justification for the privacy risk assessment and risk score.H: Risk Impact to the Individual or Employee | Level of Risk to Privacy |
---|---|
Inconvenience. | 1 |
Reputation harm, embarrassment. | 2 |
Financial harm. | 3 |
Physical harm. | 4 |
Details: The types of personal information collected may cause embarrassment to an individual as his/her employer will be privy to the personal information collected on the amended SAA. While it is possible that an individual could lose his/her job if adverse information is obtained, the CGP is designed through the DPA and CGR to restrict access to controlled goods. If an employer chooses to terminate an employee as a result of a security assessment, it is not mandated through a CGD response to high risk checks or a determination. The CGD response to high risk checks is limited to access to controlled goods; not to whether the individual should remain an employee or be terminated.
Table Summary
Table I provides a description of the privacy risk impact to the institution submitting the Privacy Impact Assessment Public Works and Government Services Canada. Table I describes four categories of related harm/privacy risks and a corresponding privacy risk score of 1, 2, 3, and 4. Table I also includes a narrative section describing the nature of the privacy risks and justification for the privacy risk assessment and risk score.I: Risk Impact to the Institution | Level of Risk to Privacy |
---|---|
Managerial harm | 1 |
Organizational harm. | 2 |
Financial harm. | 3 |
Reputation harm, embarrassment, loss of credibility. | 4 |
Details: The CGD is moving to a more security robust program. Internal processes and procedures must be changed, but the overall view of the Program by industry and the Government's Security and Intelligence community will be an increase in confidence.
- Date modified: