Citizenship and Immigration Canada’s (CIC) e-Services environment, which includes MyCIC and various other client centred online services, is used by CIC clients and various partner organizations as a means of interacting with CIC.
The scope of the prepared overarching e-Services Privacy Impact Assessment (PIA) looked at the state of the e-Services environment, and its support business processes as of May 2010. At that time, the e Services were developed to only applicants applying under Temporary Resident (TR) lines of business; however, it is expected that the e-Services environment will evolve and expand to provide services to clients applying under Permanent Resident (PR) lines of business. Future developments and changes made to the e-Services environment will be reflected in a separate PIA, which will be prepared at a later date.
The current state of CIC’s e-Services environment is composed of four distinct technical components:
- e-Application (refer to the e-Application PIA Summary);
- MyCIC secure online interface where clients can access the e-Application;
- The Electronic Notification System (ENS); and
- The Partner Portal which provides educational institutions participating in the Off-Campus Work Permit Program (OCWPP) access to the Electronic Notification System (ENS).
The information collected by CIC’s e-Services environment is classified as Protected “B”. This information is stored within a database table and user authentication is required by both internal and external users each time they log-in. To ensure client information is secure, audit tables have been put in place, where appropriate, in order to track who and when access requests were made to applicant information. Internal users (i.e. CIC users) are able to access the e-Services environment by using a Role Based Access Control (RBAC). This is done through the creation of various roles with specific permissions set based on a user’s various responsibilities; user functions are limited based on the role to which they are assigned.
The PIA was conducted using the Treasury Board Secretariat (TBS) guidelines and incorporates the ten principles of the Canadian Standards Association (CSA) model for assessing information handling practices.
The privacy risks identified as part of the assessment are classified as low to moderate and an action plan has been developed to address and mitigate these risks.
- Date Modified: