This Privacy Impact Assessment (PIA) evaluates whether the Human Resources Management System (GC HRMS PeopleSoft v.8.9) as it has been implemented by Veterans Affairs Canada (VA) complies with privacy requirements.
The scope of this PIA is limited to the GC HRMS v.8.9 upgrade and reflects the status of PeopleSoft as of March 2007. It focuses on VA employees' personal Human Resources information collected, used, disclosed, and retained in the PeopleSoft system.
The PIA review, conducted by Government Consulting Services, identifies three (3) areas of concern regarding privacy requirements. To resolve these identified privacy issues, mitigation measures have been recommended as follows:
Safeguarding personal information
- Conduct a Threat and Risk Assessment (TRA), develop a contingency plan to ensure that security measures are equal to sensitivity of personal information collected, and thoroughly address any risks identified in the TRA.
Accountability and performance measurement
- For the program custodian of personal information, ensure that accountability is documented and performance requirements are developed.
- Arrange with VA's Audit and Evaluation Branch for regular Audits of Compliance against privacy requirements.
Procedures and documentation
- Review person-to-person procedures and electronic processes for collection of personal information and ensure that documentation of purpose, authority, and consent are consistent across all collection processes.
- Continue discussions with Canada Public Service Agency (CPSA) regarding retention and disposition of personal information.
The above mitigation strategies, when implemented, will bring VA into agreement with privacy requirements.