This Report is an update to the Interim Privacy Impact Assessment (IPIA) conducted in 2009 on the Temporary Resident Biometrics Project (TRBP), a joint Citizenship and Immigration Canada (CIC), Canada Border Service Agency (CBSA) and Royal Canadian Mounted Police (RCMP) project. The objectives of the Report are to: provide an update on the privacy risks since the publication of the 2009 IPIA Report, determine any new privacy risks associated to the TRBP since the IPIA was conducted and provide recommendations on measures to mitigate or eliminate identified risks.
The TRBP involves the electronic in-person collection of a digital photograph and all available fingerprints from Temporary Resident (TR) applicants by establishing a robust service delivery network for the capture of biometrics, which will consist of contracted Visa Application Centres (VACs) operated by third party service providers under service contracts, arrangements with other trusted governments and CIC offices abroad (only when authorized or directed by CIC). The personal information collected will be shared with the RCMP for verification against the immigration and Canadian criminal fingerprint repository (RCMP RTID), the results of which will be communicated to CIC’s Global Case Management System (GCMS) and available to support the decision-making process on the TR application. Once a decision is made, the photograph will be relayed to CIC’s e-Storage for onward transmission to the CBSA TRBP database for storage. The TR visa (TRV) decision will also be forwarded to CBSA as a reference for the verification process at the Port of Entry (POE), as is current practice.
The goal of the TRBP is to improve the quality of information provided to CIC and CBSA officers to allow them to make more informed decisions relating to an applicant’s admissibility. Through biometrics, the biometric identity of an applicant for a TRV, study permit, or work permit will be fixed at the time of application, authenticated through checks with Canadian criminal and immigration databases, and verified by CBSA Border Services Officers (BSOs) when the individual arrives at a POE. As a result, the Government of Canada will be in a better position to ensure the safety and security of Canadians and prevent abuse of the immigration system, while facilitating the processing of legitimate temporary visitors, workers and students who require visas.
This report includes the new privacy risks that were identified since the IPIA report as well as any updates to the previously identified risks and their respective mitigation mechanisms. It is worth noting that there are no new high-level risks identified related to the privacy and security of personal information. The most significant (medium-level) risk presented is the use of biometrics. To address this risk, legislative changes have already been made and regulatory changes are currently in pre-publication. In tandem, BPO is developing clear data usage and awareness policies as well as education and training programs which will be paramount to the success of the project. This Report discusses new and existing privacy risks associated with the principles of Accountability, Accuracy, Collection, Disclosure & Disposition, and Openness and provides various mitigation mechanisms that are/will be employed to address each risk—including assigning privacy custodians, finalizing agreements with partners, developing new policies to ensure accuracy of data collected, and establishing well defined retention schedules. The status of these risks and the progress on each corresponding mitigation strategy will be updated in the next (and final) phase of the Interdepartmental TRBP PIA.
- Date Modified: