Audit of the Financial Transactions and Reports Analysis Centre of Canada - page 3

AUDIT REPORT OF THE PRIVACY COMMISSIONER OF CANADA,
2013
1

Table of Contents
Main Points . 3
What we examined. 3
Why it is important. 3
What we found. 3
Introduction. 5
Background. 5
About the audit entity. 5
What we found in our 2009 audit . 6
Focus of the current audit. 6
Observations and Recommendations. 7
Compliance with the Code of Fair Information Practices. 7
Little progress has been made to address over reporting. 7
Criteria for FINTRAC to disclose certain information have been formalized. 14
Use and disclosure practices comply with governing legislation . 14
Current practices continue to contravene the limiting retention principle. 15
Retention policy has not been developed for some records. 16
Safeguarding Personal Information. 17
Management of security and threat and risk assessments has been enhanced. 18
Security procedures not always followed . 19
Privacy Management Program. 20
Accountability for privacy compliance established. 21
Process for identifying privacy risk formalized. 21
Privacy breach guidelines finalized . 21
Privacy awareness training enhanced. 21
FINTRAC’s Compliance Mandate. 23
Inconsistent data minimization practices remain an issue. 23
Quality control lacks privacy component. 25
Additional work is required to ensure consent is meaningful. 25
Revised process mitigates the risks associated with the transmission of personal information . 26
Guidance provided by some regulatory partners continues to encourage over reporting. 27
Conclusion. 29
About the Audit. 30
Appendix 1: Persons or entities covered under PCMLTFA. 32
Appendix 2: Designated information. 33
Appendix 3: List of Recommendations and FINTRAC’s response . 35
1,2 4,5,6,7,8,9,10,11,12,13,...42
Powered by FlippingBook