Privacy Impact Assessment - Revise 2015

A privacy impact assessment (PIA) was conducted to identify and mitigate any privacy risks associated with the Revise 2015 project, which introduced the Revise 3.0 application, a key tool in revision, used to update elector records and poll information during events such as a general election, by-election or referendum.

Section 1 - Overview and PIA Initiation

Government Institution Responsible for Delivering the Program or Activity:

Elections Canada

Government Officials Responsible for the Program or Activity:

• Senior Director, Operations and Field Governance
• Senior Director, Electoral Data Management and Readiness

Delegate for Section 10 of the Privacy Act:

Assistant Director, Access to Information and Privacy

Name and Description of the Program or Activity:

Electoral Operations allows EC to deliver fair and efficient electoral events whenever they may be required so that Canadians are able to exercise their democratic right to vote during a federal general election, by-election or referendum by providing an accessible and constantly improved electoral process responsive to the needs of electors.

Personal Information Banks:

• Voter Registration and Identification Elections PPU 037
• Special Voting Rules Elections PPU 040

Legal Authority for Program or Activity:

Part 4 of the Canada Elections Act requires the Chief Electoral Officer to maintain and update the personal information of qualified electors in a National Register of Electors (NROE). The Register of Electors is updated based on various sources, including information provided by electors and held by federal departments. Part 7 of the Act prescribes the preparation and revision of lists of electors using information from the Register and supplied by electors during an electoral event.

Summary of the Project:

The Revise 2015 project introduces the Revise 3.0 operational application. By using Elections Canada's data repositories, online voter registration service and infrastructure, Revise 3.0 allows users to immediately apply revisions made to elector records to a central list of electors used by all returning offices during an electoral event.

Section 2 - Risk Area Identification and Categorization

A. Type of Program or Activity:

Administrative program or activity where personal information is used to make decisions that directly affect the individual (Level of Risk to Privacy: 2)

Compliance/regulatory investigations and enforcement (Level of Risk to Privacy: 3)

B. Type of Personal Information Involved and Context:

Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program (Level of Risk to Privacy: 1)

C. Program or Activity Partners and Private Sector Involvement:

Within or among one or more programs within the institution (Level of Risk to Privacy: 1)

With other or a combination of federal, provincial, territorial and/or municipal government institutions (Level of Risk to Privacy: 3)

Private sector organizations or international organizations or foreign governments (Level of Risk to Privacy: 4)

D. Duration of the Program or Activity:

This is a long-term program with no clear "sunset" (Level of Risk to Privacy: 3)

E. Program Population:

The program affects certain individuals for external administrative purposes (Level of Risk to Privacy: 3)

F. Technology and Privacy:

Does the new or modified program involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program in terms of the creation, collection or handling of personal information? – Yes.

Does the new or modified program require any modifications to IT Legacy Systems and/or services? – Yes.

Does the new or modified program or activity involve the implementation of one or more of the following technologies?

• Enhanced identification methods? – No.
• Use of surveillance? – No.
• Use of automated data analysis, data matching and knowledge discovery techniques? – Yes.

G. Personal Information Transmission:

The personal information is used in a system that has connections to at least one other system. (Level of Risk to Privacy: 2)

The personal information is transferred to a portable device or is printed. (Level of Risk to Privacy: 3)

The personal information is transmitted using wireless technologies. (Level of Risk to Privacy: 4)

H. Potential Risk of Impact on Individual Caused by a Privacy Breach:

Identity theft, fraud, damaged reputation and individual well-being