This document is intended to facilitate the review of the Privacy Impact Assessment (PIA) Update by providing context; highlighting key points that show how privacy considerations have been factored into the design, development and implementation of the Corporate Business Intelligence Software (CBIS); and reviewing the status of follow-up on the three privacy risk areas and the recommendations that were made.
CBIS provides a single window to corporate management information to authorized users within the departments through a web interface. The purpose is to provide a consolidated means of reporting, analyzing and displaying data to improve internal planning and decision-making. CBIS supports a big picture view by providing demographic information at various organizational levels. It also provides data at the level of individuals and transactions.
Currently, the software has the capacity to permit users to access information and create dynamic reports using data that has been extracted from the Human Resources (HRMS), the Financial (SAP) and the Salary Forecasting System (SFS) databases. These databases contain information that has been previously collected from individuals with authority under the Privacy Act. CBIS does not collect information. It delivers information and reports on-line using previously collected data. It is intended to replace a number of stand-alone reporting mechanisms currently in use.
Deployment of CBIS will signify changes to business processes and systems that will re-design information delivery within the departments.
Three privacy risks, considered low to moderate in severity, were identified. Recommendations and initiatives that are either planned or underway to address these risks are highlighted in the relevant sections of this summary document.
Four types of reports have been developed - Organization Profile, Leave Profile, Salary Forecasts and Financial Reporting. The following charts summarize data extracted from HRMS, SAP and SFS that is used to prepare these reports. This data will also be used to generate other information and reports to support human resources and financial reporting and decision-making.
Chart 1: Organization Profile, Leave Balance, and Leave Usage Data Summary (Note: Not yet deployed)
Field Name | Field Name | Field Name |
---|---|---|
Branch | Pension service start date | Years of departmental service |
Name | Department start date | Years of position service |
Sex | Position start date | Average years of public service |
Official language | Leave type | Average years in department |
Classification | Leave carry over | Average years in position |
Full/part time | Leave entitlements | Retirement eligibility without penalty (0-2 years, 2-5 years, >5 years) |
Employment tenure (casual, indeterminate, regular, student, term) | Leave used/paid | Average age (when there are more than 5 employees in an occupational group) |
Employee status (active, assignment out, deceased, terminated, leave of absence) | Current leave balance | Age range (up to 29 years, 30-39 years, 40-49 years, 50-54 years, 55 years and over) |
Employment type (departmental employee, agency, contractor/consultant, maintenance, messenger, MP staff, other federal department, other government, parliamentary secretary, work experience) | Years of public service | Employee counts |
Age | | |
Chart 2: Salary Forecasting Data Summary
(Note: Deployed September 2004.)
Field Name | Field Name | Field Name |
---|---|---|
Fiscal year | Pay action/reason | Total forecast |
Organization | Start/end date | Year-to-date actual amount |
Fund centre | Next increment date | To year-end planned amount |
Annual salary budget amount | Annual salary rate | To year-end planned FTE usage |
Annual FTE (full-time equivalent) budget | Annual terminable allowance rate | Monthly forecast FTE usage |
Reporting object | Annual bilingual bonus rate | Monthly forecast amount |
Employee name | Year-to-date FTE usage forecast | Monthly actual amount |
Position number | To year-end FTE usage forecast | Monthly planned amount |
Classification | Total FTE usage forecast | Monthly planned FTE usage |
Employee status (active, leave of absence, etc.) | Year-to-date forecast amount | Head count |
Employee tenure (continuing/term) | To year-end forecast amount | |
Chart 3: Financial Reporting Data Summary
(Deployed beginning April 2006.)
Field Name | Field Name |
---|---|
Fiscal year | Annual budget amount |
Organization | Outstanding commitment amount |
Fund centre | Actual expenditure amount |
Fiscal period | Vendor name |
Reporting object (personnel costs, goods and services) | Description of expenditure/commitment |
Fund | Budget free balance |
The PIA examined how the software traces, identifies and transforms the above data to produce information and reports. The report concluded that the analysis of this data could possibly generate new facts about employees.
Two recommendations were made:
Follow up:
These recommendations were addressed during the Office of the Privacy Commissioner of Canada's (OPCC) informal review.
PRI or Departmental ID Numbers: The software uses personal identifiers to trace and capture previously collected data. They are neither visible nor accessible to end users through the BI Tool. For example:
Retirement Eligibility - The number of years before an employee can retire without penalty is provided using ranges so that employee age cannot be identified.
Age: Information is provided using ranges and averages so that employee age cannot be identified. Age ranges show the age group of an employee. Average age is provided for organization profile reports when there are more than five employees in an occupational group or work unit.
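The age-masking rule described above, as an added example (it is not part of the PIA summary or of CBIS itself): exact ages are mapped to the age ranges listed in Chart 1, the average age is released only for groups of more than five employees, and the identifier never reaches the report row. The record field names, the group codes and the sample data are constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean

# Age ranges as listed in Chart 1: (inclusive upper bound, label).
AGE_RANGES = [(29, "up to 29 years"), (39, "30-39 years"), (49, "40-49 years"),
              (54, "50-54 years"), (float("inf"), "55 years and over")]
MIN_GROUP_FOR_AVERAGE = 5  # average age is shown only for MORE than 5 employees


def age_range(age):
    """Map an exact age to its reporting range."""
    return next(label for upper, label in AGE_RANGES if age <= upper)


def organization_profile(records):
    """Build per-group report rows that carry no identifier and no exact age."""
    groups = defaultdict(list)
    for rec in records:
        # Only the group and age are read; the identifier is never copied out.
        groups[rec["group"]].append(rec["age"])
    report = {}
    for group, ages in groups.items():
        row = {"employee_count": len(ages),
               "age_ranges": dict(Counter(age_range(a) for a in ages)),
               "average_age": None}  # suppressed unless the group is large enough
        if len(ages) > MIN_GROUP_FOR_AVERAGE:
            row["average_age"] = round(mean(ages), 1)
        report[group] = row
    return report


# Constructed sample records; "emp_id" stands in for the PRI / departmental ID.
SAMPLE = (
    [{"emp_id": f"X{i:03d}", "group": "AS", "age": a}
     for i, a in enumerate([27, 31, 38, 44, 52, 58])] +
    [{"emp_id": f"Y{i:03d}", "group": "EX", "age": a}
     for i, a in enumerate([41, 47, 50, 53, 56])]
)

if __name__ == "__main__":
    for group, row in organization_profile(SAMPLE).items():
        print(group, row)
```

The second constructed group has exactly five members, so its average age stays suppressed while its age-range counts are still reported.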
The PIA looked at whether information generated by the tool would be used in a manner consistent with the Privacy Act. Information will be used internally for administration and management of personnel. These uses are consistent with the purpose for which employee information was originally collected.
Since the BI tool extracts data that has been previously collected and entered into HRMS, SAP and SFS, corrections must be made at the level of the source databases. These databases already have established procedures to input and log corrections as well as monitor data for quality assurance.
Two recommendations were made:
Error identification has been identified as a quality assurance requirement to be addressed as part of the deployment of the software. The development of a record with respect to requests has been identified as an outstanding work item. It is anticipated that a process will be developed as an application support unit to log and document corrections as necessary.
An automated access control system, the Access Manager, controls who receives access and the ability to "drill down" to less aggregated data at different organizational levels and "drill through" to the lowest level of detail on individuals.
The Corporate Services Branch (CSB), in keeping with its overall responsibility to manage and protect employee privacy, documented the rules governing access to employee information. These rules underpin the CBIS access control system and mirror current business rules and practices that are based on role, function and need to know in accordance with the provisions of the Privacy Act. Within these parameters, five business rules determine who receives access from the Access Manager – Lead of an Organization, Branch Coordinators/Executive Assistants, Non-managing Executives/Special Project Advisors, Officers and Administrative Staff.
A premise underlying the development and testing of the access rules was that users would not get access to employee information that they would not otherwise have or to less information than they would receive upon request.
Managers of all corporate management systems control access within CSB to the various corporate systems modules containing employee information. CSB staff is granted access only to those modules containing information needed to carry out specific job functions.
CBIS will provide a self-service environment for direct access to salary and financial information, employee information and demographic data. CSB will continue to manage and safeguard employee information and make corrections to source data as needed by:
The privacy impact assessment will be maintained throughout the CBIS lifecycle
Since information will be directly accessible to users through the BI Tool, they will need guidance on their responsibilities to use and protect employee information under the Privacy Act. This will be accomplished through:
A communications strategy and plan will be developed. Also, the summary of the PIA (this document) is accessible in the on-line reference section of the BI Tool.
System security was considered satisfactory based on the Threat and Risk Assessment that was previously conducted. All users have the necessary clearance to access Protected B information. IT Security Staff and project team representatives also provided additional information to the OPCC during the informal review process.
Three recommendations were made:
The need to document procedures for managing ongoing security and for responding to security breaches or disclosures of information is recognized.
Individual breaches will be investigated and addressed case-by-case depending on the nature and sensitivity of the information disclosed. Managers will be responsible for handling these situations within their delegated authority in consultation with the Staff Relations Section, HRD, and the Security Services Division (CSB).
HRD will follow up with the ATIP Coordinator for guidance.
SSD provided input to the PIA and will follow up accordingly.