ARCHIVED - Privacy Impact Assessment Executive Summary – Phase I Entry/Exit
We have archived this page on the web
The information on this page is for reference only. It was accurate at the time of publishing but may no longer reflect the current state at the Canada Border Services Agency. It is not subject to the Government of Canada web standards.
In 2011, Canada and the United States (U.S.) issued the Beyond the Border: A Shared Vision for Perimeter Security and Economic Competitiveness which establishes a new long-term partnership built upon a perimeter approach to security and economic competitiveness and subsequently, the Perimeter Security and Economic Competitiveness Action Plan (Action Plan) which sets out the joint Canada – United States priorities for achieving this vision. As part of delivering on its commitments in the Action Plan, Canada and the U.S. are undertaking the Entry/Exit Initiative.
The Entry/Exit Initiative builds upon the Canada Border Services Agency's (CBSA) mandate to provide integrated border services that support national security and public safety priorities and facilitate the free flow of persons and goods.
The objectives of the Entry/Exit Initiative are to establish a common and integrated approach to border management and to support the integrity of Canada's immigration program.
The coordinated investments in entry and exit systems will allow the Government of Canada to better manage access to Canada from a security perspective, increase the effectiveness of its border management and enable targeted policy development and implementation in the future.
Meeting the objectives of the Entry/Exit Initiative will be accomplished through targeted investments in technology and infrastructure and a phased approach to the exchange of biographic Footnote 1 (i.e. name, citizenship) entry information. Three phases are applicable to travellers crossing the Canada-United States (U.S.) land border, consisting of the development of a system to exchange biographic information, such that a record of entry into one country could be considered as a record of an exit from the other. A fourth phase of the Entry/Exit Initiative will be the collection of biographic exit information on travellers in the air environment using outbound passenger manifests received from the airlines. The Entry/Exit Initiative is outlined in the Action Plan and is summarized as follows:
- (Phase I) By September 30, 2012: the implementation of a proof of concept to exchange the biographical data of third-country nationals, permanent residents of Canada and lawful permanent residents of the United States, at two to four Footnote 2 automated common land border ports of entry;
- (Phase II) By June 30, 2013, the implementation of the Entry/Exit Initiative exchanging the data of third-country nationals, permanent residents of Canada and lawful permanent residents of the United States, at all automated common land border ports of entry;
- (Phase III) By June 30, 2014, the expansion of the Entry/Exit Initiative to include the exchange of data on all travellers at all automated common land border ports of entry; and
- (Phase IV) With respect to air travel, by June 30, 2014, Canada will develop a system, under the Entry/Exit Initiative, to establish exit, similar to that in the United States, under which airlines will be required to submit their passenger manifest information on outbound international flights.
Exploratory work will be conducted for the future integration of entry and exit information systems for the marine and rail modes.
This Privacy Impact Assessment (PIA) is specific to Phase I of the Entry/Exit Initiative (hereinafter referred to as Phase I). Subsequent phases may be applicable to additional categories of individuals, and may include additional personal information elements and additional uses for the information. Prior to each phase being implemented, there will be additional privacy analysis.
Phase I is a proof of concept which will enable both governments to obtain information, evaluate the validity of the information sharing concept for statistical and analytical purposes, and identify the steps necessary in developing future technology and other improvements to subsequent phases of the Initiative. In Phase I, no additional uses for the information will be permitted, unless required by law.
Phase I is scheduled for implementation by September 30, 2012 and will include exchanging the data of third-country nationals Footnote 3 , permanent residents of Canada and lawful permanent residents of the U.S. at four automated common land border ports of entry.
The ports of entry are:
Canada | United States |
---|---|
Pacific Highway, Surrey, British Columbia | Pacific Highway, Blaine, Washington |
Douglas (Peace Arch), Surrey, British Columbia | Peace Arch, Blaine, Washington |
Queenston-Lewiston Bridge, Niagara-on-the-Lake, Ontario | Lewiston-Queenston Bridge, Lewiston, New York |
Rainbow Bridge, Niagara Falls, Ontario | Rainbow Bridge, Niagara Falls, New York |
Process, data exchange and timeframe:
Entry information is routinely collected by the CBSA Border Services Officers (BSOs) and exit (U.S. entry) information by U.S. Customs and Border Protection (CBP) Officers as a regular course of business when travellers present themselves seeking entry into either country.
At entry, each country presently collects the following data elements agreed upon for the Phase I exchange: Name, Date of Birth, Nationality/Citizenship, Gender, Document information (type, number and country of issuance). The only pieces of information to be exchanged, which are not already known to the receiving country, will be the date/time of entry and the port through which the individual has entered.
An extract of this data, collected during the September 30, 2012 to January 31, 2013 time period, will be exchanged. The first data exchange is expected in mid-October, 2012 with subsequent data transfers to occur until the two countries have shared approximately ninety (90) days of relevant entry data collected over the agreed upon time period.
Canadian data is stored in the CBSA's Passage History database and the transfer mechanism for the data exchange is an existing secure line between Canada and the U.S.
The exchanged data will only be used to determine the ability to reconcile exit data to data previously collected, as entry data, for those same individuals as well as for statistical and analytical purposes to support the development of future technology, and other improvements in subsequent phases of the Entry/Exit Initiative.
Legal and policy authorities for the collection, use and disclosure:
- Canada Border Services Agency Act, paragraph 5(1)
- Immigration and Refugee Protection Act, subsections 4(2), 20(1)(b) and 28(1)
- Privacy Act, section 4 and subsection 8(2)
- The Statement of Mutual Understanding (SMU) on Information Sharing, implemented in February 2003.
- Beyond the Border: A Shared Vision for Perimeter Security and Economic Competitiveness Action Plan.
As a result of the analysis of the privacy related elements of Phase I of the Entry/Exit Initiative, addressed in this PIA, the CBSA is implementing the following to enhance the privacy protections of the personal information:
- Signing a bilateral Letter of Intent (LOI) Footnote 4 with the United States Department of Homeland Security (which is consistent with the Beyond the Border Action Plan Statement of Privacy Principles by the United States and Canada) to document the roles and responsibilities of each participant;
- Registering a personal information bank (PIB) specific to the Entry/Exit Initiative with Treasury Board for publication in Info Source;
- Limiting the data elements being shared strictly to those that are required to identify an individual and complete the reconciliation exercise;
- Strictly controlling access to the internal database holding the information;
- Encrypting the information exchanged between Canada and the U.S. during transmission;
- Providing general notice via a series of communication vehicles, ranging from press announcements through to the publication of the bilateral LOI.
Privacy Impact Assessment Date / Version: | 2012-09-26 |
Office of the Privacy Commissioner file #: | |
Federal Institution: | Canada Border Services Agency (CBSA) |
Related Class of Record Number: | CBSA ENF 129 |
Personal Information Bank: | CBSA PPU 1202 |
Government Official Responsible for PIA: | Cathy Munroe, Vice President, Program |
Delegate for section 10 of the Privacy Act: | Dan Proulx Director, ATI and Privacy Division 410 Laurier Avenue West, 10th Floor Ottawa, Ontario K1A 0L8 Telephone: 613-941-7431 Facsimile: 613-957-6408 ATIP.AIPRP2@cbsa-asfc.gc.ca |
Risk identification and categorization
The core PIA must include a completed risk identification and categorization section as outlined below. To have consistent risk categories and risk measurement across government institutions, standardized risk areas (itemized below) and a common risk scale are to be maintained as the basis for risk analysis.
The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area.
The greater the number of risk areas identified as level 3 or 4, the more likely it is that specific risk areas will need to be addressed in a more comprehensive manner.
a) Type of program or activity | Risk scale |
---|---|
Program or activity that does NOT involve a decision about an identifiable individual | 1 |
b) Type of personal information involved and context | Risk scale |
---|---|
Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. | N/A |
Personal information, with no contextual sensitivities after the time of collection, provided by the individual with consent to also use personal information held by another source. | N/A |
Social Insurance Number, medical, financial or other sensitive personal information or the context surrounding the personal information is sensitive; personal information of minors or of legally incompetent individuals or involving a representative acting on behalf of the individual. | N/A |
Sensitive personal information, including detailed profiles, allegations or suspicions and bodily samples, or the context surrounding the personal information is particularly sensitive. | N/A |
c) Program or activity partners and private sector involvement | Risk scale |
---|---|
Private sector organizations, international organizations or foreign governments | 4 |
d) Duration of the program or activity | Risk scale |
---|---|
Long-term program or activity | 3 |
e) Program population | Risk scale |
---|---|
The program's use of personal information for internal administrative purposes affects certain employees. | N/A |
The program's use of personal information for internal administrative purposes affects all employees. | N/A |
The program's use of personal information for external administrative purposes affects certain individuals. | N/A |
The program's use of personal information for external administrative purposes affects all individuals. | N/A |
f) Technology and privacy | Risk scale |
---|---|
Does the new or substantially modified program or activity involve implementation of a new electronic system or the use of a new application or software, including collaborative software (or groupware), to support the program or activity in terms of the creation, collection or handling of personal information? | No |
Does the new or substantially modified program or activity require any modifications to information technology (IT) legacy systems? | No |
Specific technological issues and privacy
|
Yes (3.) |
A YES response indicates the potential for privacy concerns and risks, which will require consideration and, if necessary, mitigation. |
g) Personal information transmission | Risk scale |
---|---|
The personal information is used in a system that has connections to at least one other system. | 2 |
h) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee. | Risk scale |
---|---|
Reputation harm, embarrassment. | 2 |
- Date modified: