Language selection

Management Response and Action Plan – Privacy Impact Assessment of the Investigations Directorate Information Management System

December 2020

Background

In December of 2019, the Office of the Commissioner of Lobbying (OCL) retained the services of the RHEA Group to conduct a Privacy Impact Assessment (PIA) of the Investigations Directorate Information Management System (IDIMS). The final report was completed in May 2020.

Objective

The objective of this document is to present the management response and action plan based on the recommendations made in the PIA of IDIMS.

Recommendation #1:

Update the Privacy Delegation Order.

Action Responsible official Target completion date
Revise the Privacy Delegation Order to reflect the correct title of the position within the organization that has the delegated authority under the Access to Information Act and the Privacy Act. Commissioner of Lobbying Completed October 30, 2020

Recommendation #2:

Update the website links for the Personal Information Bank.

Action Responsible official Target completion date
Contact Treasury Board Secretariat to have them update their website to repair broken web links. Director, Policy, Planning and Public Affairs Completed July 6, 2020

Recommendation #3:

Clarify that expanding the use of IDIMS is permissible to collect information not for the purpose of an investigation.

Action Responsible official Target completion date
Communicate with the Office of the Privacy Commissioner to obtain clarification regarding the specific use of the information obtained from all calls received by Client Services which would be collected in IDIMS. Director, Corporate Services March 31, 2021

Recommendation #4:

Provide specific training to the Registration and Client Services division on how to deal with individuals who are subjects of a review or investigation. (Anticipatory)

Action Responsible official Target completion date
Develop and provide specific training for the Client Services advisors on the use of the information stored in IDIMS. Director, Corporate Services This training will be provided if the OCL decide to connect its call routing systems to IDIMS.

Recommendation #5:

Complete a Threat and Risk Assessment of IDIMS.

Action Responsible official Target completion date
Complete a Threat and Risk Assessment of IDIMS. Director, Corporate Services July 30, 2021

Recommendation #6:

Include the results of this Privacy Impact Assessment (PIA) in the OCL Annual Report on the Privacy Act, and publish the PIA on the OCL’s website.

Action Responsible official Target completion date
1. Include results of this PIA in the 2020-2021 OCL annual report on the Privacy Act. Director, Corporate Services 1. Within 15 days on which that House is sitting after September 1, 2021
2. Update the website with the results of this PIA. 2. April 13, 2021

Approval

The Management Response and Action Plan was approved by the members of the Executive Management Committee on December 3rd, 2020.

Date modified: