Biometrics Field Trial Evaluation Report

Section 9. Privacy Considerations

9.1 Introduction

Privacy was an important consideration in the design and implementation of the biometrics field trial. The Office of the Privacy Commissioner was consulted starting at the design stage. For details on measures taken to protect field trial client privacy for this trial, see Appendix D.

9.2 Privacy risk mitigation measures taken during the field trial

This section briefly describes the measures taken by CIC during the field trial to mitigate privacy risks identified by the Office of the Privacy Commissioner. These risks were identified during initial consultations and are also listed in the Privacy Impact Assessment (PIA). CIC took care to ensure that:

  • Program custodian accountability for personal information was documented
  • There was no third-party (vendor) access to personal information
  • CIC and CBSA stayed within legal authorities
  • There was no collection of new unnecessary personal information
  • Notice of collection was given as required under the Privacy Act
  • There was no improper retention and disposal of field trial information
  • Due consideration was given to publishing in a Personal Information Bank (PIB)
  • Departmental process on publicly available PIA was being followed
  • A process was put in place to mediate any disputes regarding the accuracy of digital renderings of photos, i.e. “That’s not my picture!”
  • Procedures outlined in the Threat and Risk Assessment (TRA) were followed
  • Information technology – documented procedures and training were followed
  • Personal information management practices stayed within Treasury Board Secretariat guidelines
  • Field trial privacy safeguards were communicated

Since the completion of the PIA, CIC has not identified any new privacy risks and is not aware of any complaints under the Privacy Act or any violations of TBS privacy and data protection policies and guidelines.

CIC followed all of the recommended government procedures on public notification and client communication, including establishing a complaint mechanism and clear accountability for the new personal information (biometrics) being collected.

Physical access to the biometric information during the field trial was restricted to authorized personnel. All access to the secure area was recorded, either by an electronic entry system or in manual log books that were kept specifically for this purpose. Encrypted biometric data was stored on a stand-alone server. Biometric matching was not done in real time. Personal information was used only for testing purposes during the field trial and was not disclosed to any person or party.

All biometric templates and associated personal data were destroyed on July 19, 2007, three months after the close of the field trial.

For matching purposes, the biometrics system generated anonymous templates which could only be identified by a field trial identification number. The field trial number was not linked to any other CIC or CBSA information system or file number.

9.3 Conclusion

The privacy mitigation measures recommended by the Office of the Privacy Commissioner were followed and the new personal information collected (clients’ biometrics) was treated with the utmost care.

