Privacy Impact Assessment of the Investigations Directorate Information Management System (IDIMS)
Government institution: Office of the Commissioner of Lobbying (OCL)
Head of the Government institution: Nancy Bélanger, Commissioner of Lobbying
Executive of the program or activity: François Bertrand, Director, Corporate Services
Name and description of the program or activity
The Investigation Directorate Information Management System (IDIMS) stores data related to the review and investigation of individuals suspected of breaching the Lobbying Act (Act) or the Lobbyists’ Code of Conduct (Code), requesting an exemption to the five-year prohibition on lobbying, and compliance verifications. The information contained in the system is “PROTECTED B” and is not released to the public, unless under specified dispositions under the Act, such as a referral to a peace officer for further prosecution if the commissioner believes on reasonable grounds that an offence under the Act has occurred, or a report on investigations tabled in Parliament.
Legal Authority for the program or activity
Personal information is collected under the Lobbying Act, the Lobbyists Registration Regulations and the Designated Public Office Holder Regulations.
Personal information bank
RDA Number: 2012/006
Related Record Number: OCL RAIN 040
TBS Registration: 20110256
Bank Number: OCL PPU 040
Description of the project, initiative or change
The Office of the Commissioner of Lobbying (OCL) is responsible for maintaining compliance with the Lobbying Act and the Lobbyists’ Code of Conduct. To deliver part of its mandate, the OCL has created a case management system based on Microsoft Dynamics and SharePoint. The solution is the Investigation Directorate Information Management System (IDIMS). IDIMS stores data related to the review and investigation of individuals suspected of breaching the Act or the Code, requesting an exemption to the five-year prohibition on lobbying, and compliance verifications. The information contained in the system is “PROTECTED B” and is not released to the public, unless under specified dispositions under the Act, such as a referral to a peace officer for further prosecution if the commissioner believes on reasonable grounds that an offence under the Act has occurred, or a report on investigations tabled in Parliament.
The OCL is considering expanded access to this system within the OCL to Client Services Advisors, who are responsible for assisting lobbyists with registration, based upon the need to know principle and to improve efficiency and decision making. The scope of the expanded access to IDIMS is to allow the Registration Unit to know whether an individual is the subject of a review or investigation along with limited and specific information, which is still to be determined.
In May of 2020, the Office of the Commissioner of Lobbying completed a Privacy Impact Assessment (PIA) of its Investigation Directorate Information Management (IDIMS) system and the data it contains through the services of RHEA Inc. The work entailed determining the level of sensitivity associated with IDIMS. The PIA entailed an evaluation of the data flow of all the information collected in the course of a review or investigation and stored in IDIMS.
Risk identification and categorization
Type of program or activity
| Type of program or activity | Level of risk to privacy |
|---|---|
| Program or activity that does NOT involve a decision about an identifiable individual Personal information is used strictly for statistical / research or evaluations including mailing list where no decisions are made that directly have an impact on an identifiable individual. The Directive on PIA applies to administrative use of personal information. The Policy on Privacy Protection requires that government institutions establish an institutional Privacy Protocol for addressing non-administrative uses of personal information. |
1 |
| Administration of Programs / Activity and Services Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc…). |
2 |
| Compliance / Regulatory investigations and enforcement Personal information is used for purposes of detecting fraud or investigating possible abuses within programs where the consequences are administrative in nature (i.e., a fine, discontinuation of benefits, audit of personal income tax file or deportation in cases where national security and/or criminal enforcement is not an issue). |
3 |
| Criminal investigation and enforcement / National Security Personal information is used for investigations and enforcement in a criminal context (i.e. decisions may lead to criminal charges/sanctions or deportation for reasons of national security or criminal enforcement). |
4 |
Type of personal information involved and context
| Type of personal information involved and context | Level of risk to privacy |
|---|---|
| Only personal information provided by the individual – at the time of collection –- relating to an authorized program and collected directly from the individual or with the consent of the individual for this disclosure / with no contextual sensitivities. Information collected directly from the Subject of Investigation (SOI) that is stored in the Lobbyist’s Registration System is entered into the IDIMS when that lobbyist becomes a SOI. |
1 |
| Personal information provided by the individual with consent to also use personal information held by another source / with no contextual sensitivities after the time of collection. During an investigation or at the end of it and before an investigation is concluded the SOI may be interviewed and/or provide written input to express their views on the outcome of an investigation. |
2 |
| Social Insurance Number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual. An investigation may include records of financial transactions relating to the SOI, their employer or client as well as professional resumes. Social Insurance Numbers are not captured. |
3 |
| Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive. As this is an information system that is for investigation purposes, the information is not necessarily gathered directly from the individual involved except for those Designated Public Office Holders (DPOH) who are requesting an exemption under the Act and when the SOI is allowed to comment on the results of an investigation and provide their point of view. Rather information is gathered from a complaint (usually a 3rd party source), public records, such as website information, and from investigative powers where evidence is requested (such examples are but not limited to emails or records of appointments with Members of Parliament or Senators). The IDIMS may also contain financial records and resumes of the SOI. |
4 |
Program or activity partners and private sector involvement
| Program or activity partners and private sector involvement | Level of risk to privacy |
|---|---|
| Within the institution (amongst one or more programs within the same institution) The OCL is planning to expand access to IDIMS to the Registration and Client Registration Unit. The Registration Unit will be able to query IDIMS and determine the status of a preliminary assessment or investigation. This is to support the Registration Units activity of handling phone calls from the public and SOIs and for the Investigations Directorate to know if a subject of a review or investigation has contacted the OCL. |
1 |
| With other federal institutions If the Commissioner finds that there are reasonable grounds that a person has committed an offence under the Act, then the case is referred to a peace officer having jurisdiction to investigate the alleged offence. Under such circumstances, the OCL will send over a report that will summarize the case, indicate the nature of the evidence gathered, and provide the evidence. The peace officer then must use proper investigative proceedings such as obtaining warrants for them to gather their evidence and conduct their investigation to determine if charges are warranted. |
2 |
| With other or a combination of federal/ provincial and/or municipal government(s) | 3 |
| Private sector organizations or international organizations or foreign governments For Code Investigations information is shared with SOI or their legal counsel. |
4 |
Duration of the program or activity
| Duration of the program or activity | Level of risk to privacy |
|---|---|
| One-time program or activity Typically involves offering a one-time support measure in the form of a grant payment as a social support mechanism. |
1 |
| Short–term program A program or an activity that supports a short-term goal with an established “sunset” date. |
2 |
| Long-term program Existing program that has been modified or is established with no clear “sunset”. The IDIMS and the related investigative powers of the OCL are an established program with no sunset date. |
3 |
Program population
| Program population | Level of risk to privacy |
|---|---|
| The program affects certain employees for internal administrative purposes. | 1 |
| The program affects all employees for internal administrative purposes. | 2 |
| The program affects certain individuals for external administrative purposes. The program affects former DPOHs and registered or unregistered lobbyists and potentially corporations or organizations such as private sector for profit or non-profit organizations. |
3 |
| The program affects all individuals for external administrative purposes. | 4 |
Technology and privacy
| Technology and privacy | Risk to privacy |
|---|---|
| Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information? Program and system modification were completed on October 26, 2019. This version removed the Administrative Review function as it was deemed no longer necessary. |
Yes |
| Does the new or modified program or activity require any modifications to IT legacy systems and / or services? Existing system was upgraded to render the Administrative Review function as inactive. |
Yes |
| Technology and privacy | Risk to privacy |
|---|---|
| The new or modified program or activity involve the implementation of one or more of the following technologies: | |
| Enhanced identification methods This includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc…) as well as easy pass technology, new identification cards including magnetic stripe cards, “smart cards” (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic). |
No |
| Use of Surveillance This includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc. |
No |
| Use of automated personal information analysis, personal information matching and knowledge discovery techniques For the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, cull, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behaviour. Identify the applicable category(ies): Currently IDIMS (using Microsoft Dynamics and SharePoint) has no other linkages to any other systems within the OCL. That said it is noted that the OCL plans to log calls in IDIMS (the fact that the call happened, the reason for the call and a call summary) whether or not the call was with an SOI. (e.g. a lobbyist who is properly registered). The call routing system (EPAS) is used to record calls and keep them only for 3 months. Calls are only kept for training and quality control. This information is announced to the caller before the call is routed to a Client Services Advisor. There are two manners in which this could be completed, one is an automated look up and match against the incoming telephone number and the second is a logging of the call through manual identification of the SOI by the Client Services Advisor. It is also planned that the IDIMS will have the ability to query the Lobbyists Registration System so that an investigator can automatically pull in the details of a registered lobbyist who becomes a SOI. |
Yes |
A "yes" response to any of the above indicates the potential for privacy concerns and risks that will need to be considered and if necessary mitigated.
Comments
With respect to the changes to the current system released in October 2019, the OCL used to perform Administrative Reviews. This process has been discontinued and the feature has been removed from the IDIMS and has been replaced by Preliminary Assessments.
Currently the system is only accessed by those individuals in the OCL that are members of the Investigations Directorate. It is planned to provide Client Services Advisors with limited access to query a SOI, but also for the system to be used to record the results of all calls received by Client Services, whether the caller is an SOI or not. This expansion of the recording of all calls, is a privacy risk. The privacy risk is that it may violate the principle of limiting collection to gathering and recording only the necessary information for the specific individual as it relates to the Commissioner’s investigative powers under that Act. Recording a call made an individual who is for example requesting registration information to support their timely registration as a lobbyist potentially violates the mandate of the system. In other words, what legitimate reason is there for recording a call in the IDIMS on an individual who is not the subject of an investigation or has not requested exemptions a former DPOH. All staff have Secret clearances which is sufficient as a pre-requisite to access information. The rest of the access is to be based upon the need to know principle. In other words, expanded access to Client Services Advisors would be based upon Role Based Access and implementation of need to know, which would limit the Client Services Advisors only to sufficient information about a SOI that is relevant to the work the Client Services Advisor performs.
With respect to the expanded access where Client Services Advisor can look up a SOI this must be implemented carefully. The Act states that investigations must be conducted in private. As a result, the OCL will not confirm or deny any ongoing investigation and further to not disclose any information until the investigation or all related proceedings are complete. Therefore, while allowing Client Services Advisor to look up and see if an individual (registered or unregistered lobbyist) is a SOI, training must also be provided to the Client Services Advisor so that they do not reveal an investigation is ongoing. This is crucial to supporting the mandate of the Act, compliance with confidentiality provisions of the Act, and to the protection of a SOI.
As part of the implementation the OCL will have to consider that investigations could be in one of four (4) phases/status. The first is a preliminary assessment to see if an allegation is within the mandate and jurisdiction of the Commissioner to investigate. Many cases conclude after the preliminary assessment, and the case is closed. These cases should be revealed to the Client Services Advisor because it can lead to improved decision making by the Client Services Advisor. Likewise, a Client Services Advisor can share with an Investigator the summary of a telephone call, which may lead to the Investigator being able to resolve and investigation faster.
Once an investigator completes a preliminary assessment and recommends initiating an investigation (second phase/status) the Client Services Advisor should be made aware of the investigation, so that they may be careful in the information they provide, should the SOI call. Training though is required that puts the Client Services Advisor through call scenarios with a SOI so that they can be better prepared to direct the conversation. It is important that the Client Services Advisor treat the call with the SOI in such a manner that the Client Services Advisor does not reveal the fact that there is an ongoing investigation.
A second status is a compliance investigation. This occurs when there has been some violation of the Code, usually minor, and the Commissioner has informed the SOI of the violation and the need for compliance monitoring. Compliance monitoring is a 12-month period. Cases with this status should be made available to the Client Services Advisor.
The third phase/status of an investigation is a referral to the peace officer for a violation under the Act which can be potentially prosecuted through the courts. In such a situation, OCL prepares a brief, describes the nature of the evidence, provides the evidence to peace officer, and suspends the investigation as required under the Lobbying Act. The peace officer may conduct an investigation using their law enforcement techniques (such as interviews with sources, SOI to obtain their point of view, and obtain court warrants for gathering or search and seizure of evidence). Client Services Advisors should know that a case is in this status as well and does need to be trained through scenarios to avoid revealing the fact that there is an ongoing investigation.
The fourth status is the case may be at a point where the SOI has the opportunity to present their views on the investigation. The OCL may choose to allow Client Services Advisors to see cases in this status depending on operational requirements and need to know principles.
With the expanded internal access planned, requests for exemptions by DPOHs should be made available to Client Services Advisors. In implementing this access policy must be developed as to whether the Client Services Advisor can answer questions about the status of the exemption request.
Personal information transmission
| Personal information transmission | Level of risk to privacy |
|---|---|
| The personal information is used within a closed system. No connections to Internet, Intranet or any other system. Circulation of hardcopy documents is controlled. |
1 |
| The personal information is used in system that has connections to at least one other system. | 2 |
| The personal information is transferred to a portable device or is printed. USB key, diskette, laptop computer, any transfer of the personal information to a different medium. A report is produced for anything that is tabled in Parliament as well as any investigation that is referred to a peace officer. The report is written by the investigator and approved by the Commissioner prior to securely sending it to a peace officer – Usually secure courier or hand delivery, with a copy of the report and supporting evidence provided on paper or electronically on a USB key. |
3 |
| The personal information is transmitted using wireless technologies. | 4 |
Risk impact to the institution
| Risk impact to the institution | Level of risk to privacy |
|---|---|
| Managerial harm Processes must be reviewed, tools must be changed, change in provider / partner. |
1 |
| Organizational harm Changes to the organizational structure, changes to the organizations decision-making structure, changes to the distribution of responsibilities and accountabilities, changes to the program activity architecture, departure of employees, reallocation of HR resources. |
2 |
| Financial harm Lawsuit, additional moneys required, reallocation of financial resources. Should the system be breached or information from the system be leaked, be it a closed file or during an ongoing investigation, it would cause harm to the SOI and as a result may lead to a lawsuit by the SOI to clear their name. |
3 |
| Reputation harm, embarrassment, loss of credibility Types of reputational harm, embarrassment or loss of credibility to consider are: decrease confidence by the public, enhance scrutiny of decisions makers, institution strategic outcome compromised, government priority compromised, impact on the Government of Canada Outcome areas. Specifically, for this program, and the OCL, a breach or leak from the system of either one or more records would cause reputational harm to the OCL and hinder the ability to conduct future investigations. It could decrease confidence in the OCL capability to protect personal information and carry out the duties and powers it has under its Act. Such a breach or leak could have a reputational impact on any POHs, including elected officials, who have been witnesses or have been in communications with the SOI. |
4 |
Risk impact to the individual or employee
| Risk impact to the individual or employee | Level of risk to privacy |
|---|---|
| Inconvenience | 1 |
| Reputation harm, embarrasment | 2 |
| Financial harm The leak of information from the system about an investigation into a SOI could cause reputational harm that could impact the SOI ability to attract future clients or maintain their employment as a lobbyist. As well there is also the potential for individual harm to public office holders, including elected officials. |
3 |
| Physical harm | 4 |
Recommendations
1. Principle: Accountability for Personal Information
No issues with accountability for Personal Information, however, the OCL has adopted new position titles that affect the Privacy Delegation Order.
Recommendation
The OCL publish a new Privacy Delegation order that reflects the correct titles of the positions within the organization that have delegation authority under the Access to Information Act and Regulations and the Privacy Act Regulations.
2. Principle: Collection of Personal Information
The current version of the PIB that accurately reflects the program activity and the use of the system and information is on the website of the OCL. The collection of personal information is in accordance with the Act and the PIB. The PIB accurately describes the nature of the information maintained in the system and identifies the nature, purpose and intent of the collection along with consistent uses.
Recommendation
PIBs were officially recorded in what was formerly known as Info Source. This has been renamed by Treasury Board Secretariat as “Information about programs and information holdings”. Through this page on Treasury Board Secretariat’s website, it provides a list of links to personal information bank descriptions that are now maintained by each department, agency or organization of the federal government. When checking this link, an error page appears for the OCL. The OCL must ensure that this link actually refers to the page on the OCL website titled “Class of records and personal information banks”. Currently (as of May 12, 2020 the link on Treasury Board Secretariat’s website both English and French have a 404 error indicating that the link is broken. The OCL needs to correct this with Treasury Board Secretariat.
3. Principle: Consent
Given the authority provided by the Act, consent from the subject of the investigation (SOI) or source is not required. The Act provides the OCL with the authority to collect information indirectly on a SOI. The analysis of the PIA identified no issues with respect to Consent.
4. Principle: Limiting collection
Opening up the use of IDIMS to the recording of all calls by any person by Client Services may violate the principle of limiting collection.
Recommendation
Prior to expanding access to Client Services, the OCL must request clarification from the Office of the Privacy Commissioner regarding the specific use case of recording all calls received by Client Services in the IDIMS specifically for the situation where the individual has not presented a reason to be in the IDIMS in the first place.
5. Principle: Limiting use disclosure and retention of personal information
Issue: Planned expanded access to Client Services Advisors. Expanding the access to allow the Client Services Advisors to know if a person is a SOI should be permitted to allow exchange of information between Client Services Advisors, who are frontline workers, and investigators to increase efficiency in decision making.
Recommentation
When implementing expanded access to allow for the logging of calls against a SOI by the Client Services Advisors the need to know principle must be applied and the Advisors will require scenario training for when they search the system to see if the caller is a SOI. If the caller is a SOI, then the Client Services Advisor needs to be trained on how to answer the questions of the SOI without revealing that an investigation is occurring. That said, if the Client Services Advisor is responding to a person who has requested an exemption, then it should be revealed to the Client Services Advisor that the SOI is in the system because they have requested an exemption and the Client Services Advisor should at least be able to know the status of the exemption request. Whether or not the Client Services Advisor can provide a status update to the former DPOH requesting the exemption needs to be part of the training and policy surrounding the expanded access.
Recommendation
The
Recommendation
The
6. Principle: Accuracy of personal information
Issue: DPOHs who request an exemption need to be provided the ability to update their information with the OCL.
Recommendation
This must be considered when developing procedures to accompany the planned expanded access to Client Services Advisors.
7. Principle: Safeguarding personal information
Issue: A Threat and Risk Assessment has not been conducted on the system.
Recommendation
The OCL engage a security company to conduct a full Threat and Risk Assessment against the system and develop an appropriate security control profile commensurate with the sensitivity of the data contained in the system and gravity of a breach.
Issue: The OCL does not have a data breach remediation plan.
Recommendation
The OCL must develop a data breach and response plan that is compliant with government policy.
8. Principle: Openness
Issue: Publishing a summary of this Privacy Impact Assessment on their website.
Recommendation
That the OCL’s annual Report on the Privacy Act for 2020 include a summary of this Privacy Impact assessment.
Otherwise, the OCL is compliant with the principle of Openness while adhering to their Act.
9. Principle: Individual's access to personal information
No issues have been identified with respect to individual access to information.
10. Principle: Challenging compliance
No issues have been identified with the principle of challenging compliance. The OCL has kept their accountability reports section of their website up to date and provides a info lobbying email address along with telephone numbers in their annual report published on their website. It is relatively easy for an individual to make an inquiry to challenge the OCLs compliance to the 10 privacy principles.
Report a problem on this page
- Date modified: