Shift Scheduling and Exception Pay Processing Reporting and Analytics

Executive Summary

This report contains a Privacy Impact Assessment (PIA) for the Royal Canadian Mounted Police (RCMP) Shift Scheduling and Exception Pay Processing Reporting & Analytics project. This project will deliver dimensional data models (cubes), purpose-built reports and analytical tools that will allow National Compensation Services (NCS), Corporate Budgeting, Occupational Health & Safety (OHS), Operational Managers and the E Division Business Intelligence (BI) team to analyze shift scheduling and extra duty pay data and information of up to approximately 22,000 members, assess the results against policies, come to decisions about how the RCMP functions and come to decisions if policies and/or processes need to be changed.

The data cubes and purpose-built reports will be used by:

  • National Compensation Services to validate officer working conditions against established policies, as well as to control and minimize overpayments;
  • Occupational Health & Safety to identify areas or occurrences within the organization that go beyond guidelines or policies for a safe and risk-free environment;
  • Operations managers to produce key management reports on overtime hours; and
  • E Division BI Unit to link schedules and overtime hours shift relief factors, general duty staffing assessments and fielded units to determine ample coverage for members of E Division.

Data relating to this project is currently housed in a number of corporate RCMP systems. The shift scheduling, extra duty pay, salary forecasting and human resources data will be transferred from the RCMP's instance of SAP, known as TEAM. Leave balances, leave transactions, and hazardous occurrences data (including incident and injury data of members) will be copied from RCMP's instance of PeopleSoft, known as Human Resources Information Management System (HRMIS). All manual paper-based extra duty pay entries will be transferred from the Member Pay System (MPS). This project will integrate the data from these sources into a Business Intelligence (BI) solution to run reports and provide analytical capabilities to the user groups noted above.

Given the extent of member personal data being integrated into this BI solution, security/access is a critical aspect of the solution. For this project, personal data is accessible via the BI solution through a two factor authentication through the RCMP's secure access portal using a valid Entrust token or smart card. Also, users must be on an approved list to access personal data relative to the breath of their job responsibilities. Their access to specific member data is provided on a "need to know" basis and is restricted to only those users identified on a controlled user list.

This project will not collect of additional personal data from RCMP members. Rather, this project will use existing personal data to provide a picture of the overall health and wellness of RCMP members, including their work life balance.

Risks and Recommendations

The following are primary risks and recommendations:

Risk #1: Unnecessary access to the Personal Data

Users of the Cognos application who were once granted access based on job function may have changed positions, received a transfer and therefore no longer require access to view personal data. However, these users may still have access to view personal data that is beyond their new span of control. In addition, there may be instances where a user was/is granted access temporarily (acting position, special event), and the access was not removed at the completion of these duties.

Recommendation #1:

Establish a quarterly schedule where a regular user audit and clean-up is conducted of the Cognos application to ensure that users have the relevant access to complete their job functions, and are limited to the span of control that they are responsible for. Specifics of this user audit and clean-up include:

  • Providing a list of users to the relevant policy centres for validation to ensure that a user's access is relevant;
  • Removing access of those users who have not logged in within the past 90 days; and
  • Following proper security protocols in case of unauthorized user access, including sharing of accounts.

Risk #2: Improper protection protocols surrounding Protected 'B' Personal Data & Information

Personal Data & Information that is/will be available in the Cognos application is considered Protected 'B' and must be treated as such. There are particular risks that must be considered when a user is granted access to personal data. There could be instances where:

  • Users are saving personal data & information on a desktop;
  • Storing unencrypted data on a shared network drive, allowing unauthorized users possible access to this personal data & information;
  • Users forwarding Personal Data contained within a report via email without properly encrypting the contents of the email;
  • Users printing personal data and leaving this data on a printer and/or not properly storing this personal data based on the guidelines set forth to store Protected B data; and
  • Users taking personal data off-site.
Recommendation #2:

Ensure that authorized users of the Cognos application, specifically those who are accessing personal information are aware that they should treat all personal data as Protected B. Once the user access is granted, TEAM BI will ensure that the steps to access a user's reports and dimensional models include a statement on how to encrypt Protected B data and its contents. The email will indicate a link pointing to the policy on how Protected B data is to be protected within the Government of Canada and the RCMP. All reports and dimensional models from the Cognos application containing personal information will clearly indicate in the header or footer of each page that the data is Protected B.

Risk #3: Personal data & information unknowingly shared with other government departments

Personal data & information, and its use outlined in the contents of this PIA indicate that all personal data will remain internal to the RCMP, and not be shared with other government departments. There may be instances where users are unknowingly sharing data with other government departments without ensuring that the proper measures and safeguards are in place to do so.

Recommendation #3:

Follow up with each of the respective key stakeholder groups (NCS, OHS, Operational Managers, E Division BI unit) to ensure that personal data is not shared with other government departments. If a stakeholder intends to share this data with another government department, an addendum must be made to this PIA to reflect the intended purpose and distribution of personal data to another government department.

Risk #4: Improper disclosure of access to personal information

The Cognos application enables an administrator, and specific super-users the ability to "burst" reports via email. Bursting a report means that a report contained within Cognos can be changed, and sent automatically to a list of users via email. As Cognos does not have the ability to encrypt an email, specifically an email containing personal data, users could potentially share personal data that may be considered in violation of Protected B practices for protecting data. This could result in the access and/or sharing of personal data by an individual who do not have a need to know.

Recommendation #4:

Ensure that only specific users and administrators are provided access to, and schedule reports to be sent via email. These reports must contain aggregated data, and not have any personal data or information contained within the report, or email itself. The intended recipients will only be granted access to data within their span of control. Finally, all links that allow a recipient of the email and attachment to "drill-down" (e.g.: access personal data or underlying detailed data) within a report must also be removed when a report is sent via email directly from Cognos.

Risk #5: Data transferred from HQ to E Division BI Unit by unauthorized individuals.

Personal Data that is/will be transferred between the mainframe at headquarters and the SQL server administered by the E Division BI by unauthorized users.

Recommendation #5:

Confirm safeguards are in place between mainframe and SQL server, and that only authorized users can access this data. Ensure that the receiving environment is secured to Protected B, and can handle personal data & information. It has been confirmed by Shared Services Canada that the data is considered Protected B throughout the transfer process. Finally, security logs will be reviewed routinely to check for unauthorized access to the server and to the database, and user accounts will be reviewed annually to confirm if access is still required.

Date modified: