Career Transition Services

Privacy Impact Assessment (PIA) summary

Government Institution

Veteran Affairs Canada

Government Official Responsible for the Privacy Impact Assessment

Carlos Lourenso
Director, Health Care, Rehabilitation and Income Support Programs

Head of the government institution / Delegate for section 10 of the Privacy Act

Shawn MacDougall
Director, Access to Information and Privacy Coordinator

Name of Program or Activity of the Government Institution

Career Transition Services

Description of Program or Activity

The Career Transition Services Privacy Impact Assessment (PIA) is an update to the Veterans Affairs Canada (VAC) Job Placement PIA completed in 2007. VAC’s Career Transition Services (CTS) Program will assist recently released Canadian Forces members (including some categories of Reservists), Veterans, and Survivors get practical help finding a job. The Career Transition Program focuses on three key services: Job-Search Training, Career Counselling and Job-Finding Assistance. The CTS program was delivered by a national provider from 2007 until 2012. In December 2012 the contract with the national provider expired and in January 2013 the service delivery model for this program changed. In January, VAC began processing applications for benefits under this program without the services of an external contractor.

With the expiration of the contract for external service delivery in December 2012, VAC has made the decision to modify the CTS program to:

  • Assess applications for services and approve or decline individuals internally;
  • Enable eligible participants to choose their own service providers (such as resume or interview preparation companies; job placement organizations) and reimburse the clients directly;
  • Modify eligible participants to exclude still serving members of the Canadian Forces.

There are no disclosures to third parties under this new delivery model.

Description of the class of record and the Personal Information Bank

  • Career Transition Services – Personal Information Bank VAC PPU 530
  • Career Transition Services – Class of Record VAC MVA 825

Classes of Records and Personal Information Banks can be reviewed at: VAC's Info Source Chapter

Legal Authority for Program or Activity

The authority for VAC to collect and use the personal information for Career Transition Services is established under Section three of the Canadian Forces Members and Veterans Re-establishment and Compensation Act (CFMVRCA) and its accompanying Regulations.

Risk Area Identification & Categorization

The following section contains risks identified in the PIA for the new or modified program. A risk scale has been included. The numbered risk scale is presented in ascending order: the first level represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area. Please refer to Appendix C of the TBS Directive on PIAs to learn more about the risk scale.

  1. Type of Program or Activity
    • Administration of Programs / Activity and Services

      Level of risk to privacy – 2

  2. Type of Personal Information Involved and Context
    • Personal information, with no contextual sensitivities after the time of collection, provided by the individual with consent to also use personal information held by another source.

      Level of risk to privacy – 2

  3. Program or Activity Partners and Private Sector Involvement
    • Within the institution (amongst one or more programs within the same institution)

      Level of risk to privacy – 1

  4. Duration of the Program or Activity
    • Long-term program

      Level of risk to privacy – 3

  5. Program Population
    • The program affects all employees for internal administrative purposes.

      Level of risk to privacy – 2

  6. Technology & Privacy
    1. Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

      Risk to privacy – No

    2. Does the new or modified program or activity require any modifications to IT legacy systems and / or services?

      Risk to privacy – Yes

    3. Enhanced identification methods - This includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc.) as well as easy pass technology, new identification cards including magnetic stripe cards, “smart cards” (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).

      Risk to privacy – No

    4. Use of Surveillance - This includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance, etc.

      Risk to privacy – No

    5. Use of automated personal information analysis, personal information matching and knowledge discovery techniques - For the purposes of the Directive on PIA, government institution are to identify those activities that involve the use of automated technology to analyze, create, compare, cull, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

      Risk to privacy – No

  7. Personal Information Transmission
    The personal information is used within a closed system.

    Level of risk to privacy – 1

  8. Risk Impact to the Institution
    Managerial harm, Financial harm, Reputational harm, embarrassment, loss of credibility.

    Level of risk to privacy – 1, 3 and 4

  9. Risk Impact to the Individual or Employee
    Inconvenience, Reputational harm, embarrassment and Financial harm.

    Level of risk to privacy – 1, 2 and 3

Date modified: