Multi–Institutional Privacy Impact Assessment Summary on the 30 Victoria Multi-Tenants Camera and Security System

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Executive Summary

Description of the Project

The new tenants of the 30 Victoria Office Building were mandated by PWGSC Real Property Branch, Major Crown Project Director 2010-2011 to implement an All Tenant Joint Surveillance & Access Control and Identity Management Security System.

The firm Dessau, contracted by Multivesco/PWGSC, prepared a "30 Victoria Consolidated Security Design Brief for base building and shared spaces" that included extensive consultations with multi-tenants as a group and individually. A competitive contract was awarded by Multivesco to Ottawa Security Systems & Communications Ltd. for the project delivery.

In 2014, a multi-tenant 30 Victoria Joint Security Committee (JSC) was implemented to ensure a common and secure approach to the management of the 30 Victoria Multi-tenant Consolidated Security System (30VicMTCSS). The membership lists the Designated Security Officers (DSOs) and Deputy Designated Security Officers (DDSOs) of each participating organization. An MOU was signed by each participating tenant organization identifying shared costs and responsibilities with PWGSC.

System Description

The 30VicMTCSS is the primary physical and identity security system using video surveillance, access control and intrusion detection to secure and protect the tenants' critical assets, such as facilities, classified material, evidence and specialized equipment while providing a safe working environment to employees.

The computer-based security system integrates several technologies, such as panic alarms, intrusion detection, cameras, access control and SmartCards. The security-related personnel information required for the system is currently collected and manually entered into the 30VicMTCSS from information received through the Personnel Security Program (not part of this PIA). Identity management information is presently collected and entered in a separate system creating some partial duplication of information. The activity logs and video surveillance images are collected automatically by the system.

This existing departmental administrative security program (which is not part of the scope of this PIA), through which personal information is being collected for internal use only, will be complemented with the implementation of this system by each organization, if and when required. Information will be for long-term use, within the same institution, and information collected will affect all employees, visitors and contractors.

This security system has been assessed as a Moderate Risk. The system does not have any internet connectivity nor dial-in capability. The system is locked in a cage in a secure room with high level access controls and monitoring.

Purpose and Scope of PIA

The Office of the Chief Electoral Officer (Elections Canada), Parks Canada, the Office of the Information Commissioner of Canada, the Office of the Commissioner of Official Languages, PWGSC Heritage Conservation Directorate and the Office of the Privacy Commissioner are all named in the Schedule (Section 3) Government Institutions to the Privacy Act and are subject to the privacy policies and directives of the Treasury Board of Canada Secretariat (TBS). Institutions subject to the Privacy Act are required to undertake an assessment of the privacy impacts associated with the development or design of new programs or services involving personal information (or when making significant changes to an existing program or service). The present assessment fulfills the requirement to conduct a PIA under the TBS Directive on Privacy Impact Assessments. It also meets the requirements of the OPC's Audit and Review Branch, as set out in Expectations: A Guide for Submitting Privacy Impact Assessments.

The multi-institutional 30VicMTCSS PIA is to perform a high-level assessment of the potential privacy impacts associated with 30VicMTCSS on behalf of all federal tenants of the building located at 30 Victoria Street, that is the Office of the Chief Electoral Officer (Elections Canada), Parks Canada (PC), Office of the Information Commissioner (OIC), Office of the Commissioner of Official Languages (OCOL), PWGSC Heritage Conservation Directorate (HDC) and Office of the Privacy Commissioner (OPC). It includes an evaluation of planned collection activities, a review of core functions of the system, and a high-level assessment of standard investigative functions. The possible sharing of personal information may take place with provincial or federal police enforcement organizations for criminal investigations, to the extent known at the time of drafting, has also been considered.

The 30VicMTCSS PIA does not include a review of specialized or institutional-specific investigative or enforcement activities being undertaken by Enforcement Agencies nor for the Management of Security Incidents. These activities — to the extent that they involve the collection, use or disclosure of personal information — are to be covered in the program PIAs initiated by each individual agencies.

Risk Area Identification and Categorization

a) Type of program or activity Risk scale
Program or activity that does NOT involve a decision about an identifiable individual 1
NO
Administration of program or activity and services 2
NO
Compliance or regulatory investigations and enforcement 3
NO
Criminal investigation and enforcement or national security 4
YES
b) Type of personal information involved and context Risk scale
Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. 1
NO
Personal information, with no contextual sensitivities after the time of collection, provided by the individual with consent to also use personal information held by another source. 2
YES
Social Insurance Number, medical, financial or other sensitive personal information or the context surrounding the personal information is sensitive; personal information of minors or of legally incompetent individuals or involving a representative acting on behalf of the individual. 3
NO
Sensitive personal information, including detailed profiles, allegations or suspicions and bodily samples, or the context surrounding the personal information is particularly sensitive. 4
NO
c) Program or activity partners and private sector involvement Risk scale
Within the institution (among one or more programs within the same institution) 1
NO
With other government institutions 2
YES
With other institutions or a combination of federal, provincial or territorial, and municipal governments 3
NO
Private sector organizations, international organizations or foreign governments 4
NO
d) Duration of the program or activity Risk scale
One-time program or activity 1
NO
Short-term program or activity 2
NO
Long-term program or activity 3
YES
e) Program population Risk scale
The program's use of personal information for internal administrative purposes affects certain employees. 1
NO
The program's use of personal information for internal administrative purposes affects all employees. 2
NO
The program's use of personal information for external administrative purposes affects certain individuals. 3
YES
The program's use of personal information for external administrative purposes affects all individuals. 4
NO
f) Technology and privacy Risk scale
Does the new or substantially modified program or activity involve implementation of a new electronic system or the use of a new application or software, including collaborative software (or groupware), to support the program or activity in terms of the creation, collection or handling of personal information? YES
Does the new or substantially modified program or activity require any modifications to information technology (IT) legacy systems? NO
Specific technological issues and privacy

Does the new or substantially modified program or activity involve implementation of new technologies or one or more of the following activities:
- enhanced identification methods; YES
- surveillance; or NO
- automated personal information analysis, personal information matching and knowledge discovery techniques? NO
g) Personal information transmission Risk scale
The personal information is used within a closed system (i.e., no connections to the Internet, Intranet or any other system and the circulation of hardcopy documents is controlled). 1
YES
The personal information is used in a system that has connections to at least one other system. 2
NO
The personal information is transferred to a portable device (i.e., USB key, diskette, laptop computer), transferred to a different medium or is printed. 3
NO
The personal information is transmitted using wireless technologies. 4
NO
h) Potential risk that, in the event of a privacy breach, there will be an impact on the individual or employee YES
i) Potential risk that, in the event of a privacy breach, there will be an impact on the institution. YES

Categorization of Risks using a Common Risk Scale

The following table summarizes the results of the standardized risk assessment above:

Identified Risk Categories Aggregate Risk Rating
No. of program characteristics identified as “low” risk (TBS Level 1 or 2) 1
No. of program characteristics identified as “moderate” risk (TBS Level 2 or 3) 3
No. of program characteristics identified as “elevated” risk (TBS Level 3 or 4) 2
No. of unaccounted or other potential privacy risks 3
Overall risk rating for the 30VicMTCSS Moderate

Based on a summary analysis of project characteristics, the 30VicMTCSS, in general, is likely to present Moderate risks to the privacy of individuals. Key risks and potential privacy impacts are detailed in the Privacy Compliance Analysis section of this report.

Date modified: