Privacy Impact Assessment – Elections Canada's National Register of Electors Immigration, Refugees and Citizenship Canada C-76 Data Transfers for Foreign Nationals and Permanent Residents
A privacy impact assessment (PIA) was conducted to identify and mitigate any privacy risks associated with the transfer of foreign nationals and permanent residents data from Immigration, Refugees and Citizenship Canada (IRCC) to Elections Canada's (EC) National Register of Electors (NROE).
Section 1 – Overview and PIA Initiation
- Elections Canada (lead government institution for the purpose of the PIA)
- Immigration, Refugees and Citizenship Canada
Government Officials Responsible for the PIA:
- Director, NROE, EC
- Director, Intergovernmental Relations, IRCC
Delegates for Section 10 of the Privacy Act:
- Assistant Director, Access to Information and Privacy, EC
- Chief Privacy Officer, IRCC
Description of the Program or Activity:
The EC NROE is the permanent, continually updated database of Canadians who are eligible to vote in federal elections and referendums. It contains the family name, given name, gender, date of birth, Canadian residential address and Canadian mailing address for some 26 million electors along with a unique identifier to help track changes to the elector's record. EC uses the information in the NROE to create preliminary lists of electors at the beginning of federal elections and referendums. The preliminary elector list data is used to mail voter information cards to electors telling them where and when to vote and is given to candidates and political parties. In addition, the Canada Elections Act (CEA) requires EC to provide lists of electors to members of Parliament and registered political parties by the 15th of November each year, if there has not been a federal election in the last six months. The CEA also allows EC to enter into agreements with provincial and territorial electoral bodies to provide data from the NROE for use at their elections.
Personal Information Banks (PIB):
- Voter Registration and Identification – Elections PPU 037
- In-Canada Asylum IRCC PPU 009
- Permanent Economic Residents IRCC PPU 042
- International Students IRCC PPU 051
- International Mobility IRCC PPU 054
- Federal Immigrant Investors and Entrepreneurs IRCC PPU 010
- Refugee and Humanitarian Resettlement IRCC PPU 008
EC and IRCC Legislative Authority:
Subsections 44(1), (2) and (3); 46(1); 52(1) and (2); and section 46.01 of the Canada Elections Act
Project / Activity Summary:
The activity focuses on the transfer of foreign nationals' (FN) and permanent residents' (PR) data from IRCC to EC. EC uses the personal information to validate and update electoral data in the NROE based upon an individual's status as a non-citizen (FN or PR) and render these individuals as ineligible to vote within the NROE. It also allows EC to add to the NROE individuals who have identified themselves as Canadian and who have consented to the Canada Revenue Agency transferring their information to EC, but whose citizenship cannot be confirmed from a secondary source.
Section 2 - Risk Area Identification and Categorization
A. Type of Program or Activity:
Administration of Programs / Activity and Services
Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs, including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc.). (Level of Risk to Privacy: 2)
B. Type of Personal Information Involved and Context:
Social insurance number, medical, financial or other sensitive personal information and/or sensitive context surrounding the personal information; personal information of minors or incompetent individuals or that involves a representative acting on behalf of the individual (Level of Risk to Privacy: 3)
C. Program or Activity Partners and Private Sector Involvement:
With other federal institutions (Level of Risk to Privacy: 2)
D. Duration of the Program or Activity:
Long-term program (Level of Risk to Privacy: 3)
E. Program Population:
The program affects certain individuals for external administrative purposes. (Level of Risk to Privacy: 3)
F. Technology and Privacy:
Does the new or modified program involve the implementation of a new electronic system, software or application program, including collaborative software (or groupware) that is implemented to support the program in terms of the creation, collection or handling of personal information? – No.
Does the new or modified program require any modifications to IT Legacy Systems and/or services? – No.
Does the new or modified program or activity involve the implementation of one or more of the following technologies?
- Enhanced identification methods? – No.
- Use of surveillance? – No.
- Use of automated personal information analysis, personal information matching and knowledge discovery techniques? – Yes.
G. Personal Information Transmission:
The personal information is transferred to a portable device or is printed (Level of Risk to Privacy: 3)
H. Potential risk that, in the event of a privacy breach, there will be an impact on the individual or employee:
Inconvenience, reputational harm, identity theft, financial harm and physical harm