National Administrative Records Management System

Executive summary

This Privacy Impact Assessment (PIA) is applicable to the implementation of the National Administrative Records Management System (NARMS) for use within the Royal Canadian Mounted Police (RCMP) to support administrative investigations. Administrative investigations are related to existing RCMP employees and assets, applicants to become RCMP employees and individuals who request access to RCMP assets (for example: contractors, volunteers, etc.). Operational investigations (i.e., policing; law enforcement) are not supported by NARMS and therefore are not within the scope of this PIA.

Version 2.0 of the NARMS PIA applies to Phase 1 of NARMS which is the support of RCMP security screening investigations. Addendums and/or new versions of this PIA will be created as additional types of administrative investigations are scheduled for implementation in NARMS.

Administrative investigations are a requirement within most/all organizations, and the RCMP is not an exception, therefore the collection, disclosure and use of personal information for the purpose of investigation is not new. What will be new with the implementation of NARMS is:

  1. the manner in which the personal information is stored and made available to investigators; and
  2. the manner in which investigators are tasked to perform the validation and the way in which they confirm completion of the task(s) and provide the specific results.

The primary goals of NARMS are to improve the efficiency of the investigation process, monitor the status of each investigation and provide for the ability to produce national, regional and divisional statistics on investigative workload.

NARMS will use the ENTRUST API (Application Programming Interface) to access the ENTRUST security manager to obtain Authentication and Authorization permissions to access NARMS.
NARMS users will be assigned to one or more domains within NARMS. Domains are assigned based on "need to know" requirements. Data created during the course of an investigation is only accessible by those users signed-on to the specific domain in which it was created.

NARMS will operate using Role Based Access Controls (RBAC). Each role has associated permissions (rights) to access information and functions specific to the role being performed.
Access Control Lists (ACL) will be created within NARMS to restrict access to specific data to only those users who are included on the specified ACL.

Although some of the personal information that will be used in NARMS may also be resident in other RCMP systems (such as in the Human Resources Management Information System (HRMIS)), there are no electronic interfaces to other systems planned for NARMS.

The data in NARMS may be used for statistical reporting on the number, type and status of activities which are recorded in NARMS, or for forecasting, planning, evaluating and training requirements. When used for any of these purposes all personal information will be removed or rendered unidentifiable, therefore this PIA has no privacy issues to address concerning the use of the data in this manner.

Date modified: