Management Response and Action Plan – Privacy Impact Assessment of the Investigations Directorate Information Management System
December 2020
Background
In December of 2019, the Office of the Commissioner of Lobbying (OCL) retained the services of the RHEA Group to conduct a Privacy Impact Assessment (PIA) of the Investigations Directorate Information Management System (IDIMS). The final report was completed in May 2020.
Objective
The objective of this document is to present the management response and action plan based on the recommendations made in the PIA of IDIMS.
Recommendation #1:
Update the Privacy Delegation Order.
| Action | Responsible official | Target completion date |
|---|---|---|
| Revise the Privacy Delegation Order to reflect the correct title of the position within the organization that has the delegated authority under the Access to Information Act and the Privacy Act. | Commissioner of Lobbying | Completed October 30, 2020 |
Recommendation #2:
Update the website links for the Personal Information Bank.
| Action | Responsible official | Target completion date |
|---|---|---|
| Contact Treasury Board Secretariat to have them update their website to repair broken web links. | Director, Policy, Planning and Public Affairs | Completed July 6, 2020 |
Recommendation #3:
Clarify that expanding the use of IDIMS is permissible to collect information not for the purpose of an investigation.
| Action | Responsible official | Target completion date |
|---|---|---|
| Communicate with the Office of the Privacy Commissioner to obtain clarification regarding the specific use of the information obtained from all calls received by Client Services which would be collected in IDIMS. | Director, Corporate Services | March 31, 2021 |
Recommendation #4:
Provide specific training to the Registration and Client Services division on how to deal with individuals who are subjects of a review or investigation. (Anticipatory)
| Action | Responsible official | Target completion date |
|---|---|---|
| Develop and provide specific training for the Client Services advisors on the use of the information stored in IDIMS. | Director, Corporate Services | This training will be provided if the OCL decide to connect its call routing systems to IDIMS. |
Recommendation #5:
Complete a Threat and Risk Assessment of IDIMS.
| Action | Responsible official | Target completion date |
|---|---|---|
| Complete a Threat and Risk Assessment of IDIMS. | Director, Corporate Services | July 30, 2021 |
Recommendation #6:
Include the results of this Privacy Impact Assessment (PIA) in the OCL Annual Report on the Privacy Act, and publish the PIA on the OCL’s website.
| Action | Responsible official | Target completion date |
|---|---|---|
| 1. Include results of this PIA in the 2020-2021 OCL annual report on the Privacy Act. | Director, Corporate Services | 1. Within 15 days on which that House is sitting after September 1, 2021 |
| 2. Update the website with the results of this PIA. | 2. April 13, 2021 |
Approval
The Management Response and Action Plan was approved by the members of the Executive Management Committee on December 3rd, 2020.
- Date modified: