open Secondary menu

Meeting Summary – Technical Meeting – November 20 and 21, 2017

Electronic Financial Return Modernization

Jeff Merrett, Director, Regulatory Instruments & Systems, provided an update on the Electronic Financial Return (EFR) Modernization project. EFR is a software program provided by EC to facilitate the reporting of financial information. It allows political entities to record financial transactions, creates financial returns based on information entered, and generates receipts for contributions. He explained that EC is replacing EFR with a browser-based application to facilitate the reporting of financial information of political entities. The new EFR will provide for simplified data entry and expand data import capability, create financial returns based on information entered and generate receipts for contributions, and allow digital consent and full electronic submission of returns and supporting documentation to EC.

Mr. Merrett informed members that, since the last ACPP meeting, EC has held focus groups with agents and auditors of electoral district associations and candidates and has surveyed parties to better understand the needs and expectations for a new reporting system. From these activities, the Agency learned that the features and capabilities we had envisioned were widely acknowledged as on-track and useful, and that concerns largely centred around the themes of simplicity of use, guided user support, accessibility and control over data, and security and privacy of information. One of the project's next steps will be to engage usability experts to review and assess the application as it is being developed to ensure EFR will offer a clean design, an intuitive user interface, opportunities for data import, autofill features (such as for addresses), tools for managing data (such as contributor lists), etc.

Mr. Merrett indicated that EC is now conducting an SA&A process, which will determine whether the IT security requirements established for the system are met and whether the safeguards work as intended. EC will enforce the necessary security measures through reinforced business processes, validation procedures, and identity and access management. EC will also conduct a Privacy Impact Assessment (PIA) to identify the potential privacy risks of new or redesigned programs or services, and also to help eliminate or reduce those risks. Mr. Merrett explained that PIAs are meant to describe and document what personal information is collected; how it is collected, used, transmitted and stored; how and why it can be shared; and how it is protected from inappropriate disclosure at each step.

Round Table Discussion

Some members expressed their concerns about the fact that all of the information would be stored in EC's systems. They suggested that EC should explore a solution where records and data could be kept in both EC's and the users' systems. There were some questions about whether this system would be optional or mandatory, and Mr. Merrett said the paper form would still be available. He also assured members that the data that EC will have access to will be the same as today, as EC will not be recording any more information. The Agency will have access only to the information that parties submit.