Secondary menu

Privacy Impact Assessment – E-Registration Service

A Privacy Impact Assessment (PIA) has been conducted to determine if there are any privacy risks associated with the E-Registration Service and its management of personal information, and to make the necessary adjustments to mitigate these risks.

Section 1 – Overview and PIA Initiation

1.   Government Institution Responsible for Delivering Program or Activity

Elections Canada

2.   Delegate for Section 10 of the Privacy Act

Manager and Coordinator, Access to Information and Privacy

Government Official Responsible for PIA

Deputy Chief Electoral Officer, Electoral Events

3.    PIA Approved By

Chief Electoral Officer, Elections Canada

4.   Personal Information Bank

Voter Registration, CEO PPU 037

5.   Name of Program or Activity

Online voter registration service (E-Registration)

6.   Description of Program or Activity

On April 3, 2012, Elections Canada launched Phase 1 of its E-Registration service. This online service is designed to increase the accessibility of the electoral process by offering electors an additional and convenient way to check whether they are registered to vote, update their registration information and add themselves to the National Register of Electors.

Since the Canada Elections Actrequires a signature and/or documentary proof of identity for some transactions, only certain functionality is being made available in Phase 1. It allows electors to use online registration between elections to:

The E-Registration service is a significant advancement in providing online services to electors and expanding their access to the electoral process.

6.1   Legal Authority for Program or Activity

The Chief Electoral Officer is responsible under section 46 of the Canada Elections Actfor the maintenance and update of the National Register of Electors. The Chief Electoral Officer updates the Register from different sources, including information provided by electors.

Section 2 – Risk Area Identification and Categorization

In accordance with the Treasury Board Directive on Privacy Impact Assessment, the following identifies and categorizes the risk areas for the new service. A risk scale is included for each risk area and is presented in ascending order: the first level (1) represents the lowest level of potential risk for the risk area, and the fourth level (4) represents the highest level of potential risk for the given risk area. To learn more about the risk scale, please refer to Appendix C of the PIA Directive.

1.   Type of Program or Activity

Administration of program or activity and services.
Level of risk: 2

2.    Type of Personal Information Involved and Context

Personal information is provided by individuals, with their consent to also use personal information held by another source. There are no contextual sensitivities after the time of collection.
Level of risk: 2

3.   Degree of Program or Activity Partners and Private Sector Involvement

There is involvement with other federal, provincial/territorial and/or municipal government institutions, either singly or in combination.
Level of risk: 3

4.   Duration of Program or Activity

This is a long-term program.
Level of risk: 3

5.    Extent of Program Population

The program affects certain individuals for external administrative purposes.
Level of risk: 3

6.    Extent of Personal Information Transmission

Personal information is transmitted using wireless technologies.
Level of risk: 4

7.    Potential Risk to and/or Impact on Institution

In the event of a privacy breach, misuse of information could cause harm to Elections Canada's reputation, embarrassment, loss of credibility and/or decreased confidence of the public. It could also thrust elected officials into the spotlight and/or compromise Elections Canada's strategic outcome.
Level of risk: 4

8.   Potential Risk to Individual or Employee

In the event of a privacy breach, misuse of information could cause the following to the individual to whom the information pertains:

9.   Technology and Privacy

Does the option for the new or modified program or activity involve implementing a new electronic system, software or application program, including collaborative software (or group software), to support the management of personal information?
Yes

9.1   Specific Technological Issues and Privacy

Does the option for the new or modified program or activity involve implementing one or more of the following technologies?

Section 3 – Summary: Privacy and Risk Management Action Plan

The following actions address the risks identified in the PIA.

1.    Limiting the Collection, Use and Disclosure of Personal Information by:

2.    Safeguarding Personal Information by:

3.    Protecting the Integrity of Electors' Information by: