The publication of this summary of the Privacy Impact Assessment (PIA) will help to assure employees of the Federal government that the Government of Canada has undertaken significant measures to maintain the privacy of their personal information provided while using the Translation Bureau Integrated Information System (IIS) of PWGSC.
The Privacy Impact Assessment Policy requires that the PIA completed for the IIS application be provided to and reviewed by the Office of the Privacy Commissioner (OPC). With the formal review process now complete, the response from the OPC has confirmed that, with the commitments given to address specific privacy concerns raised in the PIA, the OPC is satisfied that the IIS poses few material privacy risks to Canadians. The Privacy Risk Management Plan addresses all privacy concerns raised in the PIA and additional communications with the OPC in a satisfactory and appropriate manner.
The Privacy Impact Assessment for the IIS identifies 5 privacy concerns that can be mitigated by implementing the recommendations in the Privacy Risk Management Plan. The privacy risks identified are all considered low in severity, relating mostly to process documentation.
The Integrated Information System is a mission-critical, web-based order-entry application used by all sectors of the Translation Bureau and its Federal government Clients, including the House of Commons and Senate. IIS facilitates the submission and delivery of translation and linguistic services. The application is used to streamline and optimize the Bureau’s business processes such as workflow management, tracking incentives for translators, and improving services to its client communities (i.e. Order management). IIS is also the data source that feeds the Translation Bureau Billing System.
IIS is hosted on a series of servers located behind a firewall at PWGSC's Aviation Parkway Data Centre. Clients connected to the Translation Bureau network are connected through the Government's Secure Channel Network (SCNET) to the secure infrastructure. The IIS application is only available on SCNET.
The Oracle 9i database server authentication and authorization have been applied so that only the Database Administrator and the IIS application servers have access to the data. No other direct access to the database is viable. The IIS application is accessible only through an encrypted communication port (Secure Socket Layer version 3 - SSLv3) and only authenticated users have access to the application.
Clients of Government departments wishing to use IIS for the purpose of submitting translation or linguistic Orders, must first be registered in IIS. During the registration process, users are asked to enter information such as their name, language for correspondence, telephone number, address, mailing address (if different), and email address. Once successfully registered, users (i.e. known as Contacts) are permitted to use IIS and submit Orders. In addition, Contacts are able to access their registration information at any time and make changes to it.
The information collected from Clients is not viewed as personal information under the meaning of section 3 of the Privacy Act.
For all Bureau employees, it is the responsibility of the employee’s supervisor (i.e. manager) to create the employee’s profile in IIS and must:
Notes
The only personal information collected by IIS pertains to Translation Bureau employees (i.e. users identified as internal resources). The information is: name, Personal Record Identifier (PRI), the time spent on specific tasks and projects, and the language preference of employees.
The employee name, PRI and working hours are passed on to the IIS Incentive and Billing modules in order to: manage resources, determine employee monetary incentives (if applicable), and to bill Clients. The language for correspondence is used by the application to correspond with the user in the language of his/her choice.
Once an Order (i.e. document to be translated) has been received and estimated, the work is assigned to an available internal resource, and the internal resource carries out the work.
All persons identified as internal resources, must complete a timesheet for each project completed (i.e. Order) and/or task performed.
After all tasks associated with an Order are completed, verified and approved, the Order is closed and flagged ready for billing. The billing information is extracted monthly to the Translation Bureau Billing System.
As per the Treasury Board of Canada Secretariat Common Look and Feel (CLF) guidelines, a link to PWGSC’s Government of Canada Privacy Notice is accessible to all users of the IIS application. This notice summarizes the privacy policy and practices of PWGSC’s web sites.
In addition, IIS provides a Privacy Notice Statement outlining the specific purposes for the collection of personal information and the authority for doing so. This notice is presented to all internal resources upon their first successful login only.
The IIS Privacy Notice Statement describes the purpose of collection, use, and disclosure of all personal information obtained by the site, and the Personal Information Bank (PIB) where the information is securely stored. The IIS Privacy Notice summarizes the privacy policy and practices adhered to on the site.
Once internal resource users have read the notice, they are asked to proceed to the application. Consent to collect personal information is not required from the employee, as the information is required to enable the management of resources, the billing of clients, and the payment of incentives to employees in accordance with the Memorandum of Understanding between the Treasury Board of Canada and the Canadian Union of Professional and Technical Employees respecting the Financial Incentives Plan for the Translation Bureau.
As mentioned above, the only personal information collected by the IIS pertains to users identified as internal resources (i.e. Translation Bureau employees). The employee name, PRI and working hours are passed on to the IIS Incentive and Billing modules in order to: manage resources, determine employee monetary incentives (if applicable), and to bill Clients. The language for correspondence is used by the application to correspond with the user in the language of his/her choice.
The information collected from Clients is not viewed as personal information under the meaning of section 3 of the Privacy Act.
Description of personal information cluster |
Collected by | Type of format (e.g. paper, electronic) | Used by | Purpose of collection | Disclosed to | Storage or retention site |
---|---|---|---|---|---|---|
Employee data:
|
|
|
|
|
|
|
The privacy concerns, risks and recommended mitigation strategies identified in the IIS Privacy Impact Assessment are summarized in the table below.
Issue | Nature of Risk | Mitigation Actions | |
---|---|---|---|
1 | There is no Personal Information Bank registered with the TBS for inclusion in InfoSource. | Individuals will not be aware of the existence of this PIB and of their right to access the information. | A draft PIB has been submitted to TBS for review and inclusion in InfoSource. |
2 | The recommendations identified in the TRA are not fully implemented. | There is a risk that the safeguards for access to and protection of personal information may not be addressed. | The TRA has been finalized and the recommendations thereof are being implemented. In addition, a Certification Work Plan has been prepared and will be carried out. |
3 | Security procedures and contingency plans are still to be documented. | There is a risk that the custodian will not have security procedures in place to safeguard the personal information. | Ensure that the custodian is aware of this requirement and that the necessary steps are taken to define and document security procedures and contingency plans. |
4 | Documentation of the contingency plan and procedures to identify and respond to security and/or privacy breaches is not complete. | If contingency plans and procedures are not documented there is a risk that security and/or privacy breaches and disclosures in error may not be identified and corrected. | Departmental policies dealing with the reporting of security breaches are being revised to incorporate procedures to respond to privacy breaches. |
5 | Users are not advised to keep their access codes confidential. | Users may provide their access codes to others, which may jeopardize their personal information. | A notice to reflect this requirement is now displayed on the application’s logon screen. |