The Collection and Retention of Information for the Expression of Interest
Executive Summary
Description of the Project
The Expression of Interest (the “EOI”) allows the OPC to renew its legal agents list, allowing individual lawyers and/or law firms to submit applications to the OPC in the most efficient manner possible. The EOI is a request for information only, intended to identify qualified and interested respondents to be included on a renewed eligibility list for possible recommendation and consideration for appointment as Legal Agents of the Commissioner.
Individual lawyers and/or law firms may submit information via an electronic form hosted on the OPC’s website. This form will include mandatory fields that will be completed by the requestor. Once submitted, the information will generate a list of individual lawyers and/or law firms interested in providing legal services to the OPC.
System Description
The EOI will use an existing OPC platform for the collection and retention of information from individual lawyers and/or law firms who fill in and submit an application form with the goal of being considered as possible Legal Agents of the Commissioner. This platform was implemented in 2015 by the OPC’s Information Centre in order to create online forms featured on the OPC website, allowing individuals to submit informal complaints to the OPC regarding various privacy matters.
Objective
Offer a safe platform that will ensure that individual lawyers and/or law firms, qualified and interested in applying, include all the details required in order to be recommended and considered for appointment as Legal Agents of the Commissioner.
Goals
- Provide individual lawyers and/or law firms with an easy way to submit their applications to be considered for appointment as Legal Agents.
- Provide individual lawyers and/or law firms with a web-based tool that is easy and simple to use.
- Facilitate internal administrative procedure.
- Gather a list of individual lawyers and/or law firms qualified to provide legal services and complement in-house counsel.
Risk Area Identification and Categorization
Type of Program or Activity | Level of Risk to Privacy |
---|---|
Program or activity that does NOT involve a decision about an identifiable individual. Personal information is used strictly for statistical / research or evaluations including mailing lists where no decisions are made that directly have an impact on an identifiable individual. The Directive on PIA applies to administrative use of personal information. The Policy on Privacy Protection requires that government institutions establish an institutional Privacy Protocol for addressing non-administrative uses of personal information. | 1 NO |
Administration of Programs / Activity and Services. Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc.). | 2 YES |
Compliance / Regulatory investigations and enforcement. Personal information is used for purposes of detecting fraud or investigating possible abuses within programs where the consequences are administrative in nature (i.e., a fine, discontinuation of benefits, audit of personal income tax file or deportation in cases where national security and/or criminal enforcement is not an issue). | 3 NO |
Criminal investigation and enforcement or national security. Personal information is used for investigations and enforcement in a criminal context (i.e. decisions may lead to criminal charges/sanctions or deportation for reasons of national security or criminal enforcement). | 4 NO |
Type of Personal Information Involved and Context | Level of Risk to Privacy |
---|---|
|
1 YES |
|
2 NO |
|
3 NO |
|
4 NO |
Program or Activity Partners and Private Sector Involvement | Level of Risk to Privacy |
---|---|
Within the institution (among one or more programs within the same institution) | 1 YES |
With other federal institutions | 2 NO |
With other or a combination of federal/provincial and/or municipal government(s) | 3 NO |
Private sector organizations or international organizations or foreign governments | 4 NO |
Duration of the program or activity | Level of Risk to Privacy |
---|---|
One-time program or activity. Typically involves offering a one-time support measure in the form of a grant payment as a social support mechanism. | 1 NO |
Short-term program. A program or an activity that supports a short-term goal with an established “sunset” date. | 2 YES |
Long-term program. Existing program that has been modified or is established with no clear “sunset”. | 3 NO |
Technology & Privacy | Level of Risk to Privacy |
---|---|
Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information? | NO |
Does the new or modified program or activity require any modifications to IT legacy systems and / or services? | NO |
The new or modified program or activity involves the implementation of one or more of the following technologies: | |
- Enhanced identification methods: This includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc.) as well as easy pass technology, new identification cards including magnetic stripe cards, “smart cards” (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic). Identify the applicable category(ies): N/A | NO |
- Use of Surveillance: This includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc. Identify the applicable category(ies): N/A | NO |
- Use of automated personal information analysis, personal information matching and knowledge discovery techniques: For the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, cull, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior. Identify the applicable category(ies): N/A | NO |
A Yes response to any of the above indicates the potential for privacy concerns and risks that will need to be considered and, if necessary, mitigated. |
Personal Information Transmission | Level of Risk to Privacy |
---|---|
The personal information is used within a closed system. No connections to Internet, Intranet or any other system. Circulation of hardcopy documents is controlled. | 1 NO |
The personal information is used in a system that has connections to at least one other system. | 2 NO |
The personal information is transferred to a portable device or is printed. USB key, diskette, laptop computer, any transfer of the personal information to a different medium. | 3 YES |
The personal information is transmitted using wireless technologies. | 4 NO |
Risk Impact to the Institution | Level of Risk to Privacy |
---|---|
Managerial harm. Processes must be reviewed, tools must be changed, change in provider / partner. | 1 YES |
Organizational harm. Changes to the organizational structure, changes to the organization's decision-making structure, changes to the distribution of responsibilities and accountabilities, changes to the program activity architecture, departure of employees, reallocation of HR resources. | 2 NO |
Financial harm. Lawsuit, additional moneys required, reallocation of financial resources. | 3 NO |
Reputation harm, embarrassment, loss of credibility. Decreased confidence by the staff, public, elected officials under the spotlight, institution strategic outcome compromised, government priority compromised, impact on the Government of Canada Outcome areas. | 4 NO |
Risk Impact to the Individual or Employee | Level of Risk to Privacy |
---|---|
Inconvenience. | 1 YES |
Reputation harm, embarrassment. | 2 NO |
Financial harm. | 3 NO |
Physical harm. | 4 NO |