Privacy Impact Assessment Summary

The Annex concerning the exchange of information on a case-by-case basis under the Memorandum of Understanding (MOU) between the Department of Citizenship and Immigration Canada and the Canada Border Services Agency with the United Kingdom Secretary of State for the Home Department acting through the Home Office Regarding the Exchange of Information.

On September 9, 2015, Canada signed an updated information sharing arrangement with the United Kingdom (UK) that enables the exchange of immigration and citizenship information on a case-by-case basis to assist in the administration and enforcement of each country’s immigration and citizenship laws. The updated information sharing arrangement reflects modernized privacy protections.

Safeguarding personal information

A detailed Privacy Impact Assessment (PIA) was carried out in 2015 to ensure that the Case-by-Case Annex reflected Canadian privacy requirements, including the Privacy Act and related policies.

The updated arrangement contains provisions that protect personal information to a high standard consistent with both countries’ domestic laws.

Specific measures that will be employed to protect privacy include:

  • Ensuring that procedures related to retention and disposal of information are clearly established;
  • Requiring robust mechanisms to track and audit information sharing to ensure compliance with data security and privacy requirements;
  • Using encryption and other security tools to protect files that are shared;
  • Conducting regular reviews and quality assurance checks to ensure information safeguards are working;
  • Consulting the organization in each country responsible for oversight of privacy as appropriate;
  • Ensuring individuals subject to information sharing have access to their information and the ability to correct erroneous information;
  • Applying measures to ensure exchanges are necessary, relevant and proportionate, including the designation of officials authorized to exchange information; and
  • Implementing mitigation strategies for the risks identified in the PIA (such as the need for documenting roles and responsibilities, naming program custodians, designating officials authorized to exchange information, improving notation processes, detailing procedures for the correction of inaccurate information and updating relevant Personal Information Banks).

A separate PIA will be developed for any future Annexes under the MOU.
