Author: Valencia IIP Advisors Limited
Date: February 2021
Appropriate Senior Official: George Bailey - Director, Human Resources
Section 10 Delegate: Natalie Sabourin, CATSA ATIP Coordinator
This is a summary of the Privacy Impact Assessment (PIA) completed by Valencia IIP Advisors Limited for the Canadian Air Transport Security Authority (CATSA) for the Human Resources Information System and Payroll Solution (HRIS) project. The PIA was conducted using the Treasury Board of Canada Secretariat guidelines for conducting PIAs, which incorporates the ten principles of the Canadian Standards Association (CSA) Model Code for assessing fair information handling practices.
The CATSA HRIS is a cloud-based software-as-a-service solution to facilitate talent management and facilitate CATSA Human Resources functions. CATSA has subscribed to the vendor’s Canadian services so that data is stored within a Canadian data centre. The PIA did not reveal any major concerns in terms of compliance with the Privacy Act.
| Type of Program | Compliance |
|---|---|
| Administration of Programs / Activity and Services | Yes |
| Compliance / Regulatory investigations and enforcement | Yes |
| Aviation Security | No |
| Type of Personal Information Involved and Context | Compliance |
|---|---|
| Social Insurance Number, medical, financial or other sensitive Personal Information and/or the context surrounding the Personal Information is sensitive. | Yes |
| Sensitive Personal Information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the Personal Information is particularly sensitive | Yes |
| Program Partners and Private Sector Involvement | Compliance |
|---|---|
| Within CATSA (amongst one or more programs within CATSA) | Yes |
| With other Government of Canada institutions | Yes |
| With other or a combination of federal/ provincial and/or municipal government(s) | Yes |
| Private sector organizations or international organizations | Yes |
| Duration of the Program | Compliance |
|---|---|
| Short-term program | Yes |
| Program Population | Compliance |
|---|---|
| The program affects all individuals for internal administrative purposes. | Yes |
| The program affects all individuals for external administrative purposes. | Yes |
Conclusion
Conclusion In February 2021, a copy of this PIA was submitted to the Office of the Privacy Commissioner (OPC) for review.