Annual Report to Parliament on the Administration of the Privacy Act 2017-2018
Key Activities and Accomplishments
Education and Training
Privacy training at CSE ensures all employees are informed of their responsibilities with regard to the management of personal information in both mission and non-mission related activities. In 2017-2018, the ATIP Office delivered 8 comprehensive privacy awareness training sessions, reaching a total of 170 personnel. CSE’s commitment to the learning and development of its employees will continue with additional sessions in 2018-2019.
Institutional Privacy Policies and Procedures
Most notably, the PPG team revamped its privacy breach documentation to streamline its internal privacy breach investigation process. In 2018-2019, PPG plans to update the PNA form based on CSE client feedback, in order to further enhance CSE’s privacy considerations.
Coinciding with Privacy Awareness Week, CSE officially launched the Privacy, Policy and Governance Office website. This website provides CSE employees with information on privacy accountabilities, responsibilities and activities. CSE employees can access important resources and tools via the website to support the development of Privacy Notice Statements, Privacy Needs Analysis, Privacy Impact Assessments, Privacy Breach investigations, Personal Information Banks and to request Privacy Awareness Training.
ATIP Operations implemented an initiative with its Offices of Primary Interest (OPIs) in order to increase efficiency and timeliness in the processing of requests by shifting the initial review of records to the ATIP Office. This initiative will continue to be monitored for effectiveness throughout the next fiscal year.
Privacy Impact Assessments
During the 2017-2018 reporting period, CSE completed one (1) Privacy Impact Assessment pertaining to CERRID2. CERRID2 is CSE’s corporate electronic document repository (EDRMS) for official unclassified and classified documents. CERRID2 allows authorized users to create, save, share, find and protect records through the application of business rules, roles and access-based authentication controls.