Executive Summary
Advance Passenger Information / Passenger Name Record Program (API/PNR) – Intelligence:
Historically, the API/PNR program was created for the purposes of improving traveler risk assessment procedures in the air mode; retrieving information pertaining to individuals seeking entry to Canada, thereby allowing the Agency to conduct risk assessments, scenario-based risk analyses, and queries for enforcement and intelligence purposes on individuals prior to their arrival to Canada. API/PNR is specific to the air mode. CBSA intelligence activities interpret the border environment to identify threats or risks to its integrity by creating intelligence products to influence decision-makers in mitigating the identified threat. Intelligence products interpret actions, events and trends and are used to support activities that fall within the CBSA mandate. For example, the CBSA uses API/PNR data in the development of targeting scenarios, allowing the Agency to identify threats earlier in the travel continuum with a focus on a smaller segment of the population who represent a potentially higher-risk to Canadians, while facilitating the flow of low-risk people and goods.
The API/PNR program supports the Risk Assessment program which “’pushes the border out’ by seeking to identify high-risk people, goods and conveyances as early as possible in the travel and trade continuum to prevent inadmissible people and goods from entering Canada. This benefits the travelling public and the trade community by enabling the Agency to focus its examination and interdiction activities on high-risk people and goods, thereby facilitating the entry of low-risk travelers and goods. The Agency uses a variety of threat and risk assessment methodologies, intelligence and supporting technologies to identify potential risks to the security and safety of people and goods.”Footnote 1
The API/PNR Program supports the CBSA Intelligence Program, whereby actionable intelligence is collected, analyzed and distributed “regarding people, goods, shipments or conveyances bound for or leaving Canada” to help the CBSA and other law enforcement partners identify people, goods, shipments or conveyances that may be inadmissible or pose a threat to the security of Canada. CBSA officers located within Canada, at ports of embarkation or at posts abroad assess information collected from a wide range of sources. In addition, the CBSA provides timely, accurate, strategic, operational and tactical intelligence advice to government authorities, like-minded counterpart nations and stakeholders related to threats to national security, including information on terrorism, weapons proliferation, war crimes, organized crime, smuggling, immigration fraud and irregular migration, fraudulent documentation and border enforcement. Intelligence products such as lookouts, alerts, scientific reports and threat and risk assessments inform, support and enhance the Agency’s screening and targeting capabilities and other CBSA programs (such as Admissibility Determination, Criminal Investigations and Immigration Enforcement)”Footnote 2.
Protecting your Personal Information
The following personal information elements will be managed by the Intelligence Operations and Analysis Division (IOAD) under direction from the Enforcement and Intelligence Programs Directorate (EIPD):
- Advance Passenger Information (API)
- Passenger Name Record (PNR)
The Protection of Passenger Information Regulations (PPIR) defines the storage and retention requirements for PNR data, maximum retention periods of PNR data for intelligence purposes, and clearly outlines the parameters within which disclosures can be made to domestic partner agencies and to the governments of foreign states.
Access to API/PNR data for intelligence purposes is limited to: the Intelligence Operations and Analysis Division (IOAD); Targeting officers; the Targeting Intelligence Unit; and regional Enforcement and Intelligence Operations officers. The CBSA may disclose PNR information solely in accordance with the PPIR. API disclosures are provided under section 107 of the Customs Act and/or the Subsection 8(2) of the Privacy Act. PNR information is subject to strict access and use controls and only authorized CBSA officers are permitted to view or share PNR data. All requests for PNR information must be documented in the Intelligence Management System (IMS) or other applicable system and only the minimum information reasonably required to satisfy the request will be released.
Risks & Mitigation Strategies
The following personal information elements will be managed by the Intelligence Operations and Analysis Division (IOAD) under direction from the Enforcement and Intelligence Programs Directorate (EIPD):
- 1) Accountability: the risk of managerial and organizational harm against the Agency; the risk of financial harm against the individual or Agency; the risk of reputational harm, inconvenience embarrassment or loss of credibility against the individual, employee or Agency.
- 2) Limiting use, disclosure and retention: the potential disruption of international agreements and relationships with foreign governments and the risk of physical harm against the individual or employee.
In view of these potential risks, the CBSA has developed strong control mechanisms.
Right of Access
The CBSA posts key details of the API/PNR program on its external website. These details define the legal requirements of commercial carriers to provide API information on all persons that board a conveyance bound for Canada and all PNR data collected for these persons, including the purpose for which the data is collected.
Canadian travellers are able to request a copy of their API/PNR data received by the CBSA from commercial air carriers, pursuant to the Privacy Act.
All travellers, regardless of their citizenship or presence in Canada, may informally request their API/PNR data or request a correction to erroneous data by completing the Traveller’s API/PNR Information Request Form, which is available on the CBSA’s website, and mailing it to the CBSA. The CBSA will forward a written response to the traveller generally within 30 days of receipt of the request.
Accountability
If a traveller has concerns about the collection, use, disclosure or retention of their personal information, they may issue a complaint to the Office of the Privacy Commissioner of Canada who is mandated to investigate. Complaints should be made in writing, and include the traveller’s name, contact information, and a brief description of their concerns. Details of the complaint process can be found on the Privacy Commissioner’s Website
- Date modified: