National Administrative Records Management System - Employee-management relations addendum

Executive summary

The National Administrative Records Management System (NARMS) Privacy Impact Assessment (PIA) was submitted in 2008 to the Office of the Privacy Commissioner (OPC). This Addendum to the original PIA, applies to the implementation, within NARMS, of the Duty to Accommodate, administrative processes, namely accommodating a Regular Member or Civilian Member of the Royal Canadian Mounted Police (RCMP) following an injury or request for special considerations.

Information will be entered into NARMS through direct data entry (keyboarding), by attaching external documents/reports, and by the scanning of hardcopy documents and the subsequent inclusion of the scanned images into the NARMS dataset. All data entry, attaching of documents and document scanning will be done by RCMP personnel.

The data in NARMS will be used for statistical reporting on the number, type and status of activities which are recorded in NARMS. Forecasting, planning, evaluating and training requirements may also be derived from the data. When used for any of these purposes, all personal information will be removed or rendered unidentifiable; therefore this addendum to the original PIA has no impact on privacy issues as it relates to reporting.

The information entered into NARMS; as stated in the original PIA will be accessed through the National Police Services Network (NPSNet) which provides national network support to the RCMP and its public safety partners over a dedicated inter-network and Asynchronous Transfer Mode (ATM) backbone. As well NARMS will use the ENTRUST API (Application Programming Interface) to access the ENTRUST security manager to obtain Authentication and Authorization permissions to access NARMS.

In addition to the above noted security features, NARMS users will be assigned to one or more Domains depending upon their position within the RCMP and will operate using Role Based Access Controls (RBACs).

Domains are specific to a business process and the information housed within a Domain is only visible to users with an account in that specific Domain. Personal Security Domain user will have access to information housed within the Personal Security Domain, however that same user will not have access to information housed in the Duty to Accommodate Domain unless specifically granted access to the Duty to Accommodate Domain.

Domains are assigned based on "need to know" requirements, and roles are associated to permission (rights) to access information and functions specific to the role being performed. Further security is available within NARMS to restrict access to specific data to only those users who are included on Access Control Lists (ACL).

Date modified: