Privacy assessment required before use.
In Canada, the Standing Committee on Access to Information, Privacy and Ethics, a federal parliamentary body, consulted a number of federal departments in February 2024. The state investigation follows the following article: radio canada Regarding the use of smartphone and PC data extraction tools by these departments.
The agencies allegedly used the software without undergoing a prior privacy impact assessment (PIA) as required by federal law. Several organizations have admitted the charges, including:
- Canadian shared services.
- Competition Bureau.
- Transportation Safety Board of Canada.
- Canada Border Services Agency.
Pia”This is a best practice we should implement and that’s why we’re doing it now” confirmed Scott Jones, president of Shared Services Canada.
Other federal agencies were evasive, leading to several tense moments with lawmakers. Defense Ministry spokeswoman Sophie Martel said:Many privacy impact assessments are now being done on the go”
“Did you complete the PIA before using this tool for the first time or not? Did you or did you not? ‘ argued Conservative MP Michael Barrett. « To be honest I don’t know, » Martel finally answered. « we didn’t, » Her colleague, the Brigadier General, interjected. Dave Yarker, Director of Cyber Operations.
Other ministries claimed to have used PIA before the committee, but did not mention it during the committee’s interviews. radio canada. Accordingly, the Canadian Radio-television Telecommunications Commission (CRTC) and the Canada Revenue Agency (CRA) claimed that he conducted PIAs in 2014 and 2016, respectively. Finally, Natural Resources Canada admitted that it obtained these data extraction tools but never used them.
