Description of the program or activity
CSE shares metadata information with the Five Eyes Cryptologic Community, through an information sharing framework.
Description of the project, initiative or change
The main component of the framework is query-based access, whereby access to metadata will be granted to the Five Eyes partners on the basis of a predefined query checked against CSE legal and policy requirements.
Personal information bank (PIB)
This Privacy Impact Assessment identified a requirement to modify an existing PIB:
CSE - Foreign Intelligence Files – CSE PPU 040
This bank describes personal information acquired from or through the global information infrastructure, including by engaging or interacting with foreign entities located outside Canada or by using any other method of acquiring information for the purpose of providing foreign intelligence, in accordance with the Government of Canada’s intelligence priorities. Personal information may include: name, contact information, biographical information, financial information, employment information, views and opinions of, or about, individuals, and other personal information of relevance obtained in the course of intelligence gathering.
Note: This bank is designated by the Governor-in-Council as an exempt bank pursuant to subsection 18(1) and based on section 21 of the Privacy Act.
Class of records
CSE – Intelligence - CSE MIS 080
Includes records/information resources related to acquiring and using information from the global information infrastructure in accordance with CSE’s lawful mandate, to provide foreign intelligence, concerning foreign individuals, states, organizations or terrorist groups, which has implications for Canada’s international affairs, defence or security (s. 16 of the CSE Act).
Includes records/information resources related to requests for the provision of technical and operational assistance to federal law enforcement and security agencies (s. 20 of the CSE Act).
Overall risk assessment
Low-Moderate Privacy Risk