The Government of Canada (GoC) Privacy Impact Assessment (PIA) Policy requires the publication of a summary outlining the results of a Privacy Impact Assessment. This requirement is considered desirable to demonstrate that privacy considerations were examined in the planning of a project.
The framework used in the preparation of this summary conveys a concise yet detailed description of the business process as well as indicating the identified privacy risks and recommendations for risk mitigation. Certain aspects of the business model description are omitted in order to avoid any compromise of security.
This document summarizes the Privacy Impact Assessment that the Government of Canada undertook to ensure that privacy was considered throughout the development and deployment of Release 1.0 of the Pension Modernization Project (PenMod). The PIA concluded that some personal information is involved in Release 1.0.
The privacy risks identified in the Privacy Impact Assessment of Release 1.0 PenMod are rated "Low" in severity. Implementation of the mitigation mechanisms described in the Privacy Risk Management Plan below will alleviate these concerns.
Public Works and Government Services Canada (PWGSC) is the administrative authority for the disbursement of pay and pension services under the Department of Public Works and Government Services Act. PWGSC is responsible for the administration of pension plans for public servants governed under the Public Service Superannuation Act (PSSA), and for the administration of the respective pension plans for the Members of Parliament, Federal Judges, the Diplomatic Corps, and the Lieutenant Governors. The Department also provides pension services, on a cost recovery basis, to the military members of the Department of National Defence (DND).
The Government of Canada Pension Modernization Project (GCPMP) has been established to develop and implement both the business transformation and Information Technology solutions for the renewal of PWGSC pension administration systems and services. The GCPMP will provide a modern pension administration infrastructure through the phased adoption of commercial-off-the-shelf (COTS) software based solutions for both core pension administration and Customer Relationship Management (CRM). The transition to the COTS software based solution will be carried out in concert with a careful plan to transform the pension administration business organization, functions and processes.
The business requirements for PenMod Release 1.0 are focused on the delivery of Customer Relationship Management (CRM) and Case Management tools for SPTCSS Pension Experts in Shediac, New Brunswick. This includes a call center application to handle incoming calls from Clients, a training module, and an identity management component for user authentication and access control.
Agents include SPTCSS Pension Specialists, Client Inquiry, Pension Portability and Executive Services personnel. Approximately half of the staff working in the Client Contact Centre are expected to access and use the R1.0 system.
Clients can be Annuitants (retired members), Contributors (active members), and Employers. There are approximately 250,000 Contributors, and approximately 270,000 Annuitants. Employers are federal government departments and Crown agencies.
The Client will call a 1-800 number with an inquiry or request. There are three categories of 1-800 numbers available for clients to call: an Executive Services number, a general Superannuation number, and an Employer number. Calls received through the Executive number and Teletype (TTY) calls received through the general Superannuation number will be routed directly to a Pension Expert.
General inquiries on the Superannuation number will be routed via an Interactive Voice Response system to an Agent based on availability and skill set. Employer calls will be supported in a future release.
During 2004/2005, 144,750 calls were made to the English and French General 1-800 service numbers by Clients. The number of calls grew in 2006/2007 and is expected to double due to the centralization of additional services to SPTCSS.
The following data elements which constitute personal information are affected as follows:
With Release 1.0, the new functionality will not affect the way personal information is currently being handled or processed. No legacy applications or databases are being discontinued during the operational period for Release 1.0.
The data flow analysis section of the Privacy Impact Assessment identifies and traces personal information from the point of collection to the point where all copies of the information are destroyed or permanently destroyed. The table below represents the personal information involved in the two PenMod Release 1.0 business processes: "Manage Contacts" and "Manage Correspondence".
Description of Personal Information Element | Collected by | Type of format (e.g. paper, electronic) | Used by or Disclosed to | Purpose of Collection | Storage or Retention Site |
---|---|---|---|---|---|
Name; PRI; Relationship; Address; Phone Number; Email Address | Interactive Voice Response (IVR); Call Monitoring; Legacy Annuitant/ | Phone; Digital; Electronic | Client Inquiry; Executive Services; Pension Portability; Contributor/ Power of Attorneys/ | Manage client inquiries/ phone requests by Client Contact Centre | Pension System; Universal Client Management (UCM); Customer Relationship Management (CRM); IVR system data store |
Name; Address; Form Letter Details | System generated correspondence printed in a centralized area in SPTCSS or locally for an Agent to complete prior to mailing | Paper | Print Fulfillment Operator; Agent; Management; Employers [1]; External Stakeholders [2] | Manage outgoing mail | Annuitant/ Contributor Legacy Systems; Pension System; UCM |
Section 6 of the Privacy Impact Assessment identifies PenMod Release 1.0 privacy risks and potential risk mitigation strategies. The table below summarizes that information:
Element | Nature of risks | Level of risks | Proposed Mitigating Mechanisms |
---|---|---|---|
Potential Unauthorized Disclosure of Private Information | Inappropriate access; Disclosure of personal information to unauthorized persons | Low | Continue to provide training to Agents; Implement periodic audits of calls to monitor; Refresher training on privacy issues |
Capturing Personal Identifier Data Over IVR | Inappropriate access; Compromise of personal information to unauthorized persons | Low | PRI or SA is not related to or stored with a name in the IVR |
Compliance with Privacy Act (section 5 (2)) | These new telephony services may not provide callers with consistent access to the Privacy Policy and Statement for pension services | Low | Callers will be instructed to obtain the Privacy Statement either via the existing website or to wait for an Agent; Develop a standard, generic Privacy Statement for all channels |
The privacy risks identified in the Privacy Risk Management Plan are evaluated as "Low" in severity. PWGSC has examined the impacts and has proposed appropriate mitigation strategies for the identified privacy risks associated with Release 1.0 of PenMod.
Most notably, the use of the IVR highlighted a concern about the entry of a PRI or SA number. The IVR system merely uses these numbers to direct the call and not to display any specific information on the Agent's screen. Agents' scripts will prompt the Agent to collect identification information from the caller and authenticate the caller using data held in legacy systems.
The proposed mitigating mechanisms for the identified privacy risks indicate a continued commitment by the Crown to ensuring the confidentiality and privacy of the personal information collected from individuals.
[1] Employers currently play an integral role in the delivery of pension services.
[2] Canada Revenue Agency (CRA), Canada Pension Plan/Human Resources and Skills Development Canada (CPP/HRSDC), Quebec Pension Plan (QPP), Revenue Quebec, Treasury Board, House of Commons, Office of the Superintendent of Financial Institutions (OSFI), Auditor General, Bank of Canada (Canada Savings Bonds), Canadian Payments Association (via Direct Deposit Interface System (DDIS)), Royal Canadian Mounted Police (RCMP), British Columbia (BC) Medicare, Quebec Blue Cross, SunLife, non-RPS Separate Employers and Crown Corporations, United Way, Federated Superannuates National Association (FSNA).