Privacy Impact Assessment - Secure Integrated Information Service

Executive Summary

National Security Criminal Investigations (NSCI) at the National Headquarters (NHQ) is the policy centre for the RCMP National Security Program (NSP). It provides a national program for the management of National Security (NS) criminal investigations that permit the RCMP to detect, prevent and disrupt domestic or international criminal activities that have a national security dimension affecting Canada. NSCI was established to ensure that all national security criminal resources and functions were aligned and controlled from within a single organizational structure. In November of 2003, a Ministerial Directive was issued to the RCMP requiring that all national security investigations be monitored by National Headquarters (NHQ). In September of 2006, Justice Dennis O'Connor issued his "Report of the Events Relating to Maher Arar", in which Recommendation 4 stated "The RCMP should maintain its current approach to centralized oversight of national security investigations." Both the government and the RCMP accepted all of Justice O' Connor's recommendations. Later that same month, Commissioner Zaccardelli assured government that NS investigations would be centrally controlled by NHQ in Ottawa. In May 2007, NSCI adopted a governance framework outlining the way in which central control is exercised, whereby NSCI at the NHQ will monitor, supervise and direct NS criminal investigations when necessary, and will provide oversight, guidance and direction where appropriate to the Divisions. Under the governance framework, NSCI will also ensure that relevant formation is shared internally and assist in discerning trends.

The NS Program does not have a standardized search-and-view capability that can support requests for consolidated data collected by NHQ and the divisions in an efficient or consistent manner. Prior to starting a new investigation, NSP investigators will search existing files in both the Protected 'B' and Classified Environments. Currently, searches are performed in isolation on standalone computer systems (e.g. Secure Major Case Management (SeMCM), Evidence and Reporting III (E&R III), SUPERText)), and paper-based documents filed in boxes. Overall, searches include background searches as well as searches of investigations to identify common or existing targets. Since the systems and their databases are all independent and stand alone, coordination by telephone with users who have the rights to each individual system is required, and the results are collated and/or consolidated manually.

The Secure Integrated Information Service (SeIIS) initiative proposes the implementation of the Integrated Information Service (IIS) in the Classified Environment (CE) that will provide a standardized nation-wide capability to search and view data that is relevant to NS criminal investigations. IIS is a query tool designed to provide RCMP members with the ability to query multiple internal systems from a single point including both structured and unstructured data. Initially the data will be sourced from the Secure Major Case Management (SeMCM) systems (e.g. Evidence and Report (E&R), SUPERText) located at the Divisions. Data from other operational systems (e.g. Secure Police Reporting and Occurrence System (SPROS) may be considered at a later date depending on its value to the investigations. This standardized tool will be available nation-wide and will enhance the RCMP's ability to efficiently and effectively search, view and share information that resides in various locations. The outcome of this initiative will not only benefit NSCI in fulfilling its mandate, but will also support the Integrated National Security Enforcement Teams (INSETs), the National Security Enforcement Sections (NSESs), the Source Development Units (SDUs) and the divisional NS investigators in their investigative undertakings.

Top of Page

Throughout the design and development of SeIIS, the RCMP made a commitment to privacy and took measures to mitigate risk by applying the ten privacy principles of the Canadian Standards Association Model Code for the Protection of Personal Information. The Oakes test was also applied to determine if the initiative was necessary or if another alternative would achieve the same purpose. The outcome of this assessment identified that the implementation of IIS in the classified environment is necessary to meet the need of accessing all national security information assets nationally; that it will effectively provide a tool that can be used by all national security analysts; that the need is proportional to privacy in that existing information assets are the source of query; and that there is no alternate method of achieving the required outcome. SeIIS will contain only the personal information necessary to fulfill the mandate of national security. The collection, therefore, is limited to that which is necessary for the purpose that relates directly to the National Security Program within the RCMP.

The risk associated to this initiative is deemed to be low. The recommendations made include an annual audit of SeIIS users, a notification to these users that transactional logging will occur on their use of the system, the publishing of an Executive Summary to the RCMP website and the naming of SeIIS in the Treasury Board of Canada annual publication of InfoSource as required under the Privacy Act.

The implementation of the SeIIS will occur in Summer 2010.