In support of the Government On-Line (GOL) initiative and, as recommended in the Compensation Modernization Study, the Compensation Sector of the Accounting, Banking and Compensation Branch (ABCB) of Public Works and Government Services Canada (PWGSC) is progressively implementing a series of secure, on-line, electronically delivered services known as Compensation Web Applications (CWA) for access by all Government of Canada employees. The following reflect the current services offered by the CWA:
Additional functionality will be introduced within this framework in future upgrades to the service.
The Access and Identity Management Services (AIMS) infrastructure provides on-line registration and enrolment functionality in support of these business level applications. This functionality is based on the Incident Credential Management Public Key Infrastructure (PKI). The following reflects these major services:
For all systems, the Privacy Impact Assessment Policy published by the Treasury Board of Canada Secretariat requires a formal assessment of how the service offering ensures the privacy of any personal information collected or made available throughout the service's life cycle. The process encompasses the ten privacy principles reflected in that policy.
This summary of the formal Privacy Impact Assessment reflects the findings and decisions emanating from that assessment. Its presentation in this forum is intended to assure both public and private sector Canadians that these services reflect the strong and total commitment to privacy that the Government of Canada adheres to in all its activities. This PIA is restricted to the business application functions level only. A separate assessment of the supporting infrastructure has been undertaken.
The formal review process of this PIA is now complete and the Office of the Privacy Commissioner (OPC) has confirmed that it is satisfied that the Compensation Web Applications service poses a low risk to the privacy of government employees.
The Compensation Web Application services developed and implemented allow the Compensation Sector of the PWGSC ABCB to greatly reduce the need for, and the very high cost of, regularly printing and distributing employee pay and pension summaries. The on-line services have also permitted the Branch to reduce the number of administrative staff that have traditionally been required to assist Government of Canada employees in reviewing, and initiating any changes required to, their personal accounts.
As the service expands to incorporate additional capabilities, cost and manpower savings will continue to be realized.
The following table summarizes the types of personal information collected, processed and/or displayed to accessing employees by the business level functional applications:
| Description of personal information cluster | Collected by | Type of format (e.g. paper, electronic) | Used by | Purpose of collection | Disclosed to | Storage or retention |
|---|---|---|---|---|---|---|
| Pension and Benefits Statement (PBS) and Related Applications | | | | | | |
| Pension and Benefits data | Pension and Benefits Master File | Electronic | Individuals; Compensation Advisors; Pension Calculator and Service Buyback Estimator | To provide current and projected pension benefit data to the individual and Advisors | Individual employees; Compensation Advisors; individual employees (PBS members) | The PBS Information Tables are wiped and reloaded every month; the Access Information Tables are then updated |
| Pay Stub Web and Related Applications | | | | | | |
| Employee Regular and Supplemental Pay and Tax Slips | Regional Pay Register DB; Pay Stub on the Web application | Electronic | Individuals; DB Load Utility and DB batch programs; Compensation Advisors; Gross to Net Regular Pay Estimate Calculator; Voluntary Deductions | To provide current and historical pay stub data to the individual and advisor; to provide a gross to net regular pay calculation; to allow employees to directly initiate, change or terminate voluntary deductions | Individual; Compensation Advisors; Regional Pay System | The data is stored on the Departmental mainframe |
| Compensation Advisor Access and CCSDB/CR Applications | | | | | | |
| CCSDB and CR IDMS and IDD table data and spreadsheets | Compensation and benefits administrators | Electronic | Advisors to determine and update employee classification data | Maintain employee classification data for pay and benefits purposes | Specifically authorized Advisors | Departmental mainframe |
The Privacy Risk Management Plan summarizes specific privacy issues and risks identified through the assessment process. Mitigating measures taken to reduce or eliminate these risks have been identified and implemented. There are no unresolved risks that might jeopardize the privacy of individual employee users.
There were only two outstanding privacy concerns identified in the CWA PIA. The associated risks and mitigation strategies identified are summarized in the following subparagraphs.
Privacy Risk #1:
Data relating to employees who do not wish to enroll for the on-line service offerings must not be available to unauthorized users.
Privacy Risk Mitigation Measure: An employee will be required to submit a written request to be excluded. In such cases, the employee data is then removed from the database and it becomes impossible for anyone to enroll as that employee. It should be noted that such an "opting out" also results in the employee being deleted from all of the CWA service offerings. Should the employee later change his/her mind, a formal request that his/her data be reinserted into the database must be submitted. The need for a more automated "opting out" process will be reevaluated after a one-year evaluation period using the manual process has concluded.
Privacy Risk #2:
That misuse may go undetected.
Privacy Risk Mitigation: A "Last Logged-in" advisory, showing the employee's last successful log-in together with all unsuccessful attempts made since that log-in, is presented to the employee at each log-in by the ICM Session Verification Module and also by the PBS application. The employee is advised to notify the service if the advisory is not correct. In addition, an extensive Intrusion Detection System is being implemented within the AIMS infrastructure to detect otherwise unnoticed attempts to misuse the services.
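The following is an added illustration of the "Last Logged-in" advisory described above; it is example code written for this summary, not code from the ICM Session Verification Module or the PBS application, and the audit-log format, employee identifiers and events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

@dataclass(frozen=True)
class LoginEvent:
    user: str          # employee identifier (constructed sample value)
    when: datetime
    success: bool
    source: str        # constructed workstation label

@dataclass
class LoginAdvisory:
    last_success: Optional[datetime]   # None on a first-ever log-in
    failed_since: List[LoginEvent]     # unsuccessful attempts after last_success

def build_advisory(log: List[LoginEvent], user: str, now: datetime) -> LoginAdvisory:
    """Compute what the employee is shown at the log-in occurring at `now`:
    the previous successful log-in and every failed attempt made after it."""
    mine = sorted((e for e in log if e.user == user and e.when < now),
                  key=lambda e: e.when)
    last_success = None
    for e in mine:
        if e.success:
            last_success = e.when
    failed_since = [e for e in mine
                    if not e.success and (last_success is None or e.when > last_success)]
    return LoginAdvisory(last_success, failed_since)

def render_advisory(adv: LoginAdvisory) -> str:
    """Text the employee is asked to check and to report if it is not correct."""
    first = "first log-in" if adv.last_success is None else adv.last_success.isoformat(" ")
    lines = [f"Last successful log-in: {first}",
             f"Unsuccessful attempts since then: {len(adv.failed_since)}"]
    lines += [f"  {e.when.isoformat(' ')} from {e.source}" for e in adv.failed_since]
    return "\n".join(lines)

# Constructed sample audit trail (not real data); the last entry is the current log-in.
SAMPLE_LOG = [
    LoginEvent("emp001", datetime(2004, 3, 1, 9, 0), True, "ws-12"),
    LoginEvent("emp001", datetime(2004, 3, 2, 22, 15), False, "ws-40"),
    LoginEvent("emp001", datetime(2004, 3, 2, 22, 16), False, "ws-40"),
    LoginEvent("emp002", datetime(2004, 3, 2, 23, 0), False, "ws-40"),
    LoginEvent("emp001", datetime(2004, 3, 3, 8, 30), True, "ws-12"),
]

if __name__ == "__main__":
    print(render_advisory(build_advisory(SAMPLE_LOG, "emp001", SAMPLE_LOG[-1].when)))
```

For emp001 the advisory reports the 1 March log-in and the two failed attempts from ws-40; an employee who did not make those attempts has concrete grounds to notify the service.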
A variety of communications documents has been prepared to allow the service to be progressively rolled out to employees. These documents include the key messages required, the various messages or components, responsibility roles and the consultation process required prior to release.
It is evident that the Compensation Web Applications business level implementation has been designed with a view to improving and maintaining privacy throughout the system lifecycle. The implementation of anonymous certificates, session cookies, and other technical mitigating measures, such as encryption of 'shared secrets', limiting read/write access to the Central Services Database (CSDB), making use of the proven ICM capability, conducting a Threat and Risk Assessment (TRA), implementing processes such as annual audit and quality assurance (QA), and system security certification and accreditation, makes notable contributions to meeting privacy expectations and requirements.