Transparency

Description: The activity was an accessibility survey that was hosted on PRPA’s website to fulfill the public consultation requirements of the Accessible Canada Act.

Why a privacy impact assessment was completed: A privacy impact assessment was completed to evaluate the potential risks to the protection and use of personal information provided in the survey.

Additional Information: The following risks were identified and mitigated: identification through survey responses, long term use of information, and records retention.

Related personal information banks: No personal information banks were used for the program as it did not collect identifiable personal information.

Description: The Employee Engagement Survey is an annual survey conducted to gather information from staff on work related concerns.

Why a privacy impact assessment was completed: A privacy impact assessment was completed because personal information was being used for an administrative purpose.

Additional Information: The following risks were identified and mitigated: re-identification risks (mitigated by a reminder to provide anonymous responses) and data protection risks (mitigated by IT safeguards).

Related personal information banks: As the survey is intended to be anonymous and does not collect identifiable personal information, no personal information bank is applicable.

Description: The activity is necessary to meet the requirements of the Employment Equity Act. A self-identification questionnaire was filled out by employees, and collected data was uploaded to the federally mandated Workplace Equity Information Management System (WEIMS).

Why a privacy impact assessment was completed: A privacy impact assessment was completed to assess the privacy risks associated with the activity as it pertains to personal information.

Additional Information: The following risks have been identified and mitigated: long-term use of information, records retention, and privacy training.

Related personal information banks: Employment Equity and Diversity PSE 918

Description: Use of an online travel booking platform to facilitate organizational travel needs. The platform will help ensure travel complies with corporate policy, and reduce the number of personal expense claims by making use of direct billing to the corporation. The platform also improves the protection of personal information by centralizing it to one system.

Why a privacy impact assessment was completed: A privacy impact assessment was completed to assess and mitigate privacy risks associated with the personal information collected and used by Melon.

Additional Information: The following risks have been identified and mitigated: indirect and direct collection of personal information, protection of personal information, notification and consent, and accuracy of personal information.

Related personal information banks: Travel PSU 909

Description: To manage files by use of the information management software system, M-Files.

Why a privacy impact assessment was completed: A privacy impact assessment was completed to develop an informed assessment of the privacy risks associated with the personal information collected and stored in M-Files, and to inform mitigation of any identified privacy risks to an acceptable level.

Additional Information: The following risks have been identified and mitigated: access to personal information, protection of personal information, and accuracy of personal information.

Related personal information banks: PSU 919 Members of Boards, Committees and Councils, PRPA PPU 005 Legal Dispute & Complaint Handling

Description: The program is an Online Port Pass Application System that will replace the existing email and paper-based system. The online, web-based system will support decisions to grant, deny, revoke, or review security clearance and site access, and to maintain information relating to the issuance, use, and cancellation of identification cards and access passes. The access passes will be for PRPA employees, external contractors, tenants and their employees, or any other persons needing access to facilities on lands owned or managed by PRPA.

Why a privacy impact assessment was completed: A privacy impact assessment was completed to assess and mitigate privacy risks associated with the personal information collected and used by the Online Port Pass Application System, and to inform mitigation of any identified privacy risks to an acceptable level.

Additional Information: The following risks have been identified and mitigated: accountability for privacy concerns, indirect and direct collection of personal information, protection of personal information, and notification and consent.

Related personal information banks: Personnel Security Screening PSU 917, Physical Access Controls PSU 907

Description: The program is a customizable cloud-based solution to help manage stakeholder and public communications, monitor media/social media activity and trends, and generate reports on PRPA’s stakeholder and public engagement.

Why a privacy impact assessment was completed: A privacy impact assessment was completed to assess and mitigate privacy risks associated with the personal information collected and used by the Quorum software.

Additional Information: The following risks were identified and mitigated: protection of personal information, retention and disposal of personal information.

Related personal information banks: Public Communications PSU 914, Outreach Activities PSU 938

Description: The program is a cloud-based security management system, TrackTik, which is used for creating security incident reports at PRPA to help investigate, track, and resolve security incidents.

Why a privacy impact assessment was completed: A privacy impact assessment was completed to develop assess and mitigate privacy risks associated with the personal information collected and used within TrackTik, and to inform mitigation of any identified privacy risks to an acceptable level.

Additional Information: The following risks have been identified and mitigated: indirect and direct collection of personal information, protection of personal information, consent, and retention and disposal of personal information.

Related personal information banks: Security Incidents and Privacy Breaches PSU 939

Description: The program is a software human resources management system for managing payroll, timecards, employee leave, performance management, and recruitment.

Why a privacy impact assessment was completed: A privacy impact assessment was completed to assess and mitigate privacy risks associated with the personal information collected and used within UKG.

Additional Information: The following risks have been identified and mitigated: protection of personal information, consent, retention and disposal.

Related personal information banks: Employee Personnel Record PSE 901, Pay and Benefits PSE 904, Applications for Employment PSU 911, Attendance and Leave PSE 903, Discipline PSE 911, Employee Performance Management Program PSE 912, Human Resources Planning PSU 935, Employment Equity and Diversity PSE 918, Evaluation PSU 942, Personnel Security Screening PSU 917, Relocation PSU 910, Staffing PSE 902, Training and Development PSE 905