Funeral and Burial Program

Privacy Impact Assessment (PIA) summary

Government Institution

Veteran Affairs Canada

Government Official Responsible for the Privacy Impact Assessment

Hélène Robichaud
A/Director General, Commemoration Division

Head of the government institution / Delegate for section 10 of the Privacy Act

Crystal Garret-Baird
Director, Privacy and Information Management

Name of Program or Activity of the Government Institution

Funeral and Burial Program

Description of Program or Activity

This program provides financial assistance toward funeral, burial and grave marking expenses of eligible Veterans to recognize their service to Canada. Under the Veterans Burial Regulations, assistance is available for deceased service qualified Veterans whose deaths are a result of their service or whose estates do not have sufficient funds for a dignified funeral, burial and grave marking. The Funeral and Burial Program is administered by the Last Post Fund, an independent, non-profit organization, on behalf of Veterans Affairs Canada. This program is delivered through operating funds and grants.

Description of the Class of Record and Personal Information Bank associated with the program or activity

Class of Record: Funeral and Burial Program (VAC MVA 745)

Personal Information Bank: National and International Memorials – Funeral and Burial Program (VAC PPU 260)

Legal Authority for Program or Activity

Department of Veterans Affairs Act
Veterans Burial Regulations
Privy Council Order 1965-688

Risk Area Identification & Categorization

The following section contains risks identified in the PIA for the new or modified program. A risk scale has been included. The numbered risk scale is presented in ascending order: the first level represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area. Please refer to “Appendix C” of the TBS Directive on PIAs to learn more about the risk scale.

1. Type of Program or Activity
   • Administration of Programs / Activity and Services
     
     Personal information is collected to assist in making a determination whether a Veteran’s estate is eligible for funeral and burial assistance.

     Level of risk to privacy – 2

2. Type of Personal Information Involved and Context
   • Social Insurance Number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.

     Level of risk to privacy – 3

3. Program or Activity Partners and Private Sector Involvement
   • Within the institution (amongst one or more programs within the same institution)
     
     With other federal institutions
     
     Private sector organizations or international organizations or foreign governments

     Level of risk to privacy – 1,2 and 4

4. Duration of the Program or Activity
   • Long-term program

     Level of risk to privacy – 3

5. Program Population
   • The program affects certain individuals for external administrative purposes

     Level of risk to privacy – 3

6. Technology & Privacy
   1. Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

      Risk to privacy - No

   2. Does the new or modified program or activity require any modifications to IT legacy systems and / or services?

      Risk to privacy - No

   3. Enhanced identification methods - This includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc.) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).

      Risk to privacy – No

   4. Use of Surveillance - This includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc.

      Risk to privacy – Yes

   5. Use of automated personal information analysis, personal information matching and knowledge discovery techniques - For the purposes of the Directive on PIA, government institution are to identify those activities that involve the use of automated technology to analyze, create, compare, cull, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

      Risk to privacy – No

7. Personal Information Transmission
   • The personal information is used in a system that has connections to at least one other system.
     
     The personal information is transferred to a portable device or is printed.

     Level of risk to privacy – 2 and 3

8. Risk Impact to the Institution
   • Managerial harm
     
     Organizational harm
     
     Reputation harm, embarrassment, loss of credibility.

     Level of risk to privacy – 1, 2 and 4

9. Risk Impact to the Individual or Employee
   • Inconvenience
     
     Reputation harm, embarrassment
     
     Financial harm
   • Level of risk to privacy – 1, 2 and 3