Privacy Impact Assessment Summary: Educational Credential Assessment

The Educational Credential Assessment (ECA) requirement was first introduced as part of the modernization of the Federal Skilled Worker Program (FSWP) in May 2013 and has since been broadened to other economic immigration program and pilots. ECA reports, attesting to the equivalency of an immigration applicant’s completed foreign credential to a completed educational credential in Canada and to its authenticity, are issued by organizations designated by the Minister of Citizenship and Immigration. As part of the Express Entry application system that was introduced on January 30, 2015, applicants for the FSWP are required to submit their ECA results and ECA report reference number as part of their online profile. While not a requirement, applicants to the Canadian Experience Class and the Federal Skilled Trades Program may also obtain and submit an ECA to earn extra points towards their Comprehensive Ranking System score. An ECA is also mandatory for the two Caregiver Pilot Programs, which were launched in November 2014, and the Immigrant Investor Venture Capital Pilot Program, which was launched at the end of January 2015.

Given that the ECA report is a new minimum requirement that involves third-party organizations, a Privacy Impact Assessment (PIA) was conducted to identify any privacy risks to personal information and the appropriate mitigation measures. In order to provide the ECA service, designated organizations collect personal information from potential applicants, such as educational credential documentation, and work on a case-by-case basis to authenticate foreign educational credentials and determine their equivalent value in Canada. Once individuals submit their application to IRCC for a program that either requires an ECA or a program for which an ECA is considered, IRCC officers have secure online access to the designated organizations’ databases to verify and validate applicants’ ECA reports. The results of this PIA indicate that mechanisms put in place by IRCC, such as service agreements with the organizations designated by the Minister, provide the necessary protection to personal information. The two risks relating to access to and security of personal information, identified as part of the PIA analysis, were rated as low since appropriate mitigation measures are in place that reduce the likelihood of their occurrence.