Sources of Federal Government and Employee Information
Table of contents
General Information
Introduction
Info Source: Sources of Federal Government and Employee Information provides information about the functions, programs, activities and related information holdings of government institutions subject to the Access to Information Act and the Privacy Act. It provides individuals and employees of the government (current and former) with relevant information to access personal information about themselves held by government institutions subject to the Privacy Act and to exercise their rights under the Privacy Act.
The Introduction and an index of institutions subject to the Access to Information Act and the Privacy Act are available centrally.
The Access to Information Act and the Privacy Act assign overall responsibility to the President of Treasury Board (as the designated Minister) for the government-wide administration of the legislation.
Background
The Communications Security Establishment reports to Parliament through the Minister of National Defence.
Read about CSE, including its History, Legislation, and Accountabilities.
Responsibilities
Read about CSE’s mandate and responsibilities.
Institutional Functions, Programs and Activities
Signals Intelligence
As mandated by section 16 of the CSE Act, the Signals Intelligence program provides foreign intelligence that addresses the Government of Canada’s vital interests in defence, security and international affairs through the collection, processing, analysis and reporting of intelligence. It also provides technical and operational assistance to federal law enforcement and security agencies.
Intelligence – Class of Record
Description: Includes records/information resources related to acquiring, using and disseminating information from the global information infrastructure in accordance with CSE’s lawful mandate under section 16 of the Communications Security Establishment Act, to provide foreign intelligence in accordance with the Government of Canada’s intelligence priorities, which has implications for Canada’s international affairs, defence or security. Includes records/information resources related to requests for the provision of technical and operational assistance to federal law enforcement and security agencies, the Canadian Forces and the Department of National Defence pursuant to section 20 of the Communications Security Establishment Act.
Document Types: Intelligence requirements, briefings, studies, publications, plans, analyses, reports, technical documentation, policies, instructions, memoranda of understanding, information obtained from public sources, strategies, training materials, presentations, standards.
Record Number: CSE MIS 080
Communications Security Establishment (CSE) - Foreign Intelligence Files CSE PPU 040 - Personal Information Bank
Description: This bank describes personal information acquired from or through the global information infrastructure, including by engaging or interacting with foreign entities located outside Canada or by using any other method of acquiring information for the purpose of providing foreign intelligence, in accordance with the Government of Canada’s intelligence priorities. Personal information may include name, contact information, biographical information, financial information, employment information, views and opinions of, or about, individuals, and other personal information of relevance obtained in the course of intelligence gathering.
Note: This bank is designated by the Governor-in Council as an exempt bank pursuant to subsection 18(1) and based on section 21 of the Privacy Act.
Class of Individuals: Individuals whose information may be collected in the course of intelligence gathering, in accordance with the mandate of the Communications Security Establishment (CSE).
Purpose: Personal information in this bank is used to provide information or intelligence about the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group, as they relate to international affairs, defence or security. The authority to collect this personal information is derived from section 16 of the Communications Security Establishment Act.
Consistent Uses: The personal information described in this bank may be shared with relevant stakeholders in accordance with CSE authorities and policies and may be disclosed to domestic investigative bodies for the fulfillment of their lawful duties. Information may also be shared with entities that have powers and duties similar to CSE (including entities of foreign states or that are international organizations of states or institutions of those organizations), for the purposes of the furtherance of its mandate.
Retention and Disposal Standards: Information in this bank may be retained as long as it is operationally required. Information that is not deemed essential to international affairs, defence or security must be deleted after 30 days.
RDA Number: 98/005
Related Record Number: CSE MIS 080
TBS Registration: 20130231
Bank Number: CSE PPU 040
Identification, authentication, authorization services – Class of Record
Description: Includes records related to access management, authentication, delegated administration, directory services, trusted identities, password management, privilege management, self-service, single sign-on, and Public Key Infrastructure (PKI) management.
Document types: Agendas, agreements, action item reports, business analysis documents, business cases, business requirement documents, briefings and updates, budgets, contracts documentation, client agreements, charts, graphs and diagrams, communiqués, correspondence, cover letters, feasibility studies, guidelines, invoices, letters of acceptance, lists, line of business profit & loss reports, manuals and guides, minutes, memoranda of understanding, operating level agreements, operation procedures, policies, strategies and plans, preliminary assessments, pricing sheets, product roadmaps, reports, requests for proposals, records of decision, service agreements, service level agreements, service level agreement templates, service catalogues, standard statements of work, statements of qualification, submissions, Treasury Board submission drafts, technical documents, template documents, timesheets, terms of reference, work descriptions, work plan documents, project plans, presentations, and proposals.
Record number: CSE MIS 001
Communications Security Establishment (CSE) - Electronic identification and access management - CSE PPE 001
Description: This bank describes information related to electronic identification and access management used in support of securing information and systems under the control of CSE. Personal information may include name, place of birth, nationality, sex, height, weight, hair colour, eye colour, security clearance and indoctrinations, contact information, driver’s licence number, employee identification number, licence conditions, other identification numbers, username, image, password, signature, date of birth, passport number, and recovery secrets.
Class of individuals: Employees and those individuals on assignment or contract who require access to CSE systems and applications.
Purpose: Personal information is used to manage electronic identities in the issuance, use, and cancellation of access to electronic systems in support of securing information and systems under the control of CSE and its partners. This information allows for user validation and management of electronic systems and applications, including the issuance of identity-based Public Key Infrastructure (PKI) certificates. Certificates are used for encryption of data, as well as for identification and authentication of individuals. The authority to collect this personal information is derived from section 7(1) of the Financial Administration Act and section 17(a) of the Communications Security Establishment Act.
Consistent uses: The information may be used to monitor audit trails regarding credential usage and for evaluation and reporting purposes. In the event of suspected security or privacy breaches, information may be shared with departmental Security and Privacy officials (see Standard PIB Security Incidents – PSU 939). For suspected criminal activity, information may also be disclosed to the Royal Canadian Mounted Police for investigation purposes (see Operational Case Records – RCMP PPU 005). Information may also be shared with appropriate staff relations officers, for any disciplinary actions (see Discipline – PSE 911). Information may be shared with Five-Eyes Partners to verify the user’s identity and indoctrination level.
Retention and disposal standards: General information in this bank is kept between two (2) years (for most personal information elements) and thirty (30) years (for personal information elements required for auditing purposes) after the date of last modification and is subsequently destroyed. PKI certificates, issued for the purpose of encryption and authentication, are retained for ten (10) years after the date of last modification, and are subsequently destroyed.
RDA Number: 97/003
Related Record Number: Information Management – PRN 944
TBS Registration: 20210080
Bank Number: CSE PPE 001
Cyber Defence
The Cyber Defence Program provides advice, guidance and services to help ensure the protection of electronic information and information systems of importance to the Government of Canada, as mandated by section 17 and 18 of the CSE Act and in accordance with the Policy on Government Security.
Cyber Defence - Class of Record
Description: Cyber Defence includes records/information related to cyber defence activities that strengthen the ability to prevent and reduce the probability of successful cyber intrusions. The records/information are used in the provision of cyber defence activities, monitor government networks to detect potential cyber threats and to analyze, evaluate, mitigate and defend against cyber activities that threaten or potentially threaten the Government of Canada (GC) systems and networks and systems of importance to the GC.
Document Types: Document types include threat analysis and reporting vehicles and related documentation. For example, records include threat analysis and mitigation advice, policies, briefings, reports, strategies and technical documentation.
Record Number: CSE 002
Communications Security Establishment (CSE) - Cyber Defence, CSE PPU 007 - Personal Information Bank
Description: This bank relates to the personal information that may be collected by CSE during its assessment activities, in support of information infrastructures of importance to the Government of Canada to help them identify, isolate or prevent harm to their computer systems or networks. Personal information collected may include, full name, email address, IP address and any incidental personal information that is contained in electronic routing and identification information.
Note: This bank applies to personal information obtained as part of CSE’s mandate set out in sections 17 and 18 of the CSE Act and in accordance with the Policy on Government Security. CSE is required by law to ensure that its activities are subject to measures to protect the privacy of Canadians.
Class of Individuals: This bank applies to potentially any individual who communicates electronically or has electronic transactions with an information infrastructure of importance to the Government of Canada while CSE is conducting an assessment of that institution’s electronic information and / or information technology infrastructure.
Purpose: Personal information may be used to assess potential threats to information technology systems subject to the assessment, and to help ensure the security of these electronic systems.
Consistent Uses: Where evidence of possible illegal activities are identified within the originating institution during CSE’s assessment, CSE may report the matter to that institution having the control of the personal information, for further action. The personal information described in this bank that is part of a cyber threat assessment may be disclosed to domestic investigative bodies for the fulfillment of their lawful duties or foreign bodies in accordance with agreements or Ministerial Direction.
Retention and Disposal Standards: Information in this bank is held for up to thirty years then transferred to Library and Archives Canada.
RDA Number: 2002/011
Related Record Number: CSE 002
TBS Registration: 20130234
Bank Number: CSE PPU 007
Internal Services
Internal Services are groups of related activities and resources that are administered to support the needs of programs and other corporate obligations of an organization. These groups are: Management and Oversight Services; Communications Services; Legal Services; Human Resources Management Services; Financial Management Services; Information Management Services; Information Technology Services; Real Property Services; Materiel Services; Acquisition Services; and Travel and Other Administrative Services. Internal Services include only those activities and resources that apply across an organization and not to those provided specifically to a program.
Acquisitions
Acquisition Services involve activities undertaken to acquire a good or service to fulfill a properly completed request (including a complete and accurate definition of requirements and certification that funds are available) until entering into or amending a contract.
Communications Services
Communications Services involve activities undertaken to ensure that Government of Canada communications are effectively managed, well coordinated and responsive to the diverse information needs of the public. The communications management function ensures that the public – internal or external – receives government information, and that the views and concerns of the public are taken into account in the planning, management and evaluation of policies, programs, services and initiatives.
Financial Management
Financial Management Services involve activities undertaken to ensure the prudent use of public resources, including planning, budgeting, accounting, reporting, control and oversight, analysis, decision support and advice, and financial systems.
Human Resources Management
Human Resources Management Services involve activities undertaken for determining strategic direction, allocating resources among services and processes, as well as activities relating to analyzing exposure to risk and determining appropriate countermeasures. They ensure that the service operations and programs of the federal government comply with applicable laws, regulations, policies, and/or plans.
- Awards (Pride and Recognition) - Class of Record
- Classification of Positions - Class of Record
- Compensation and Benefits - Class of Record
- Employment Equity and Diversity - Class of Record
- Hospitality - Class of Record
- Human Resources Planning - Class of Record
- Labour Relations - Class of Record
- Canadian Human Rights Act - Complaints - Personal Information Bank
- Discipline - Personal Information Bank
- Grievances - Personal Information Bank
- Harassment - Personal Information Bank
- Internal Disclosure of Wrongdoing in the Workplace - Personal Information Bank
- Values and Ethics Code for the Public Service - Personal Information Bank
- Occupational Health and Safety - Class of Record
- Official Languages - Class of Record
- Performance Management Reviews - Class of Record
- Recruitment and Staffing - Class of Record
- Applications for Employment - Personal Information Bank
- Employee Personnel Record - Personal Information Bank
- EX Talent Management - Personal Information Bank
- Personnel Security Screening - Personal Information Bank
- Staffing - Personal Information Bank
- Values and Ethics Code for the Public Service - Personal Information Bank
- Relocation - Class of Record
- Training and Development - Class of Record
Information Management
Information Management Services involve activities undertaken to achieve efficient and effective information management to support program and service delivery; foster informed decision making; facilitate accountability, transparency, and collaboration; and preserve and ensure access to information and records for the benefit of present and future generations.
Information Technology
Information Technology Services involve activities undertaken to achieve efficient and effective use of information technology to support government priorities and program delivery, to increase productivity, and to enhance services to the public.
Legal Services
Legal Services involve activities undertaken to enable government departments and agencies to pursue policy, program and service delivery priorities and objectives within a legally sound framework.
Management and Oversight Services
Management and Oversight Services involve activities undertaken for determining strategic direction, and allocating resources among services and processes, as well as those activities related to analyzing exposure to risk and determining appropriate countermeasures. They ensure that the service operations and programs of the federal government comply with applicable laws, regulations, policies, and/or plans. These activities include investigating and resolving complaints submitted to CSE by members of the public, in addition to the following:
- Cooperation and Liaison - Class of Record
- Executive Services - Class of Record
- Internal Audit and Evaluation - Class of Record
- Planning and Reporting - Class of Record
Materiel
Materiel Services involve activities undertaken to ensure that materiel can be managed by departments in a sustainable and financially responsible manner that supports the cost-effective and efficient delivery of government programs.
Real Property
Real Property Services involve activities undertaken to ensure real property is managed in a sustainable and financially responsible manner, throughout its life cycle, to support the cost-effective and efficient delivery of government programs.
Travel and Other Administrative Services
Travel and Other Administrative Services include Government of Canada (GC) travel services, as well as those other internal services that do not smoothly fit with any of the internal services categories.
Manuals
- Administrative Policy Manual
- Operational Policy Manual
- Human Resources Policy Manual
- Security Integrity Index Manual
- Security Policy Manual
- Security Screening Procedures Manual
Additional Information
The Government of Canada encourages the release of information through requests outside the ATIP process. The Access to Information Act also specifies that it is intended to complement existing procedures for obtaining government information and is not to limit in any way the type of information that is normally available to the public, thereby denoting the importance of informal access. You may wish to consult the Communication Security Establishment's completed Access to Information summaries. To obtain information on how to make a formal request or informal request under the legislation we invite you to the following link: CSE ATIP.
Reading Room
In accordance with the Access to Information Act and the Privacy Act, the applicant may wish to review the material in person. Should you wish to review the CSE materials in Ottawa, Ontario, you must make an advance appointment by calling the Access to Information and Privacy Office at 613-991-8443, or by email at atip-aiprp@cse-cst.gc.ca.
