Executive Summary
NEXUS Privacy Impact Assessment
NEXUS is a bi-national Canada-United States (U.S.) program managed by the Canada Border Services Agency (CBSA) and U.S. Customs and Border Protection (CBP).
NEXUS allows for customs and immigration border clearance processes to be streamlined for pre-approved, low-risk travellers. Membership is five years and provides expedited border clearance into Canada and the U.S. in the land, air and marine travel modes. NEXUS members use dedicated lanes in the highway mode; self-serve kiosks in the air mode; and, by reporting through Telephone Reporting Centres in the marine mode.
To become a member of the NEXUS program, an applicant voluntarily submits an application by applying electronically using the Global Online Enrollment System (GOES) maintained by CBP. The personal information entered by the applicant is used by the CBSA and CBP to confirm their identity and to determine the eligibility of an applicant and the continued eligibility of a member.
When an applicant is accepted as a NEXUS member, periodic risking is performed as well as ad hoc risking based on cause. Also, an assessment is performed at each passage to confirm if there have been any infractions that would result in the revocation of the membership or in the inadmissibility of the member into either Canada or the U.S.
On March 10, 2011, a Privacy Impact Assessment (PIA) for the NEXUS program was submitted to the Office of the Privacy Commissioner of Canada. Since the original NEXUS PIA, the following developments have occurred that impact the NEXUS program:
- The Canadian Air Transport Security Authority (CATSA) implemented the Trusted Traveller CATSA Security Lines to provide dedicated CATSA security screening lines to NEXUS members at various airports;
- NEXUS kiosks have been installed at tier 1 Canadian airports and Billy Bishop Toronto City International Airport;
- In 2014, the CBSA launched a pilot project called NEXUS Electronic Gate (eGate) to allow 24/7 access to the NEXUS lane at the Peace Bridge land border port of entry at Fort Erie, Ontario;
- The CBSA and CBP are seeking to expand eligibility of the program to third country nationals that are members of their own domestic program, where an arrangement between the three parties is forged; and
- Canada has committed to implementing Vicinity Radio Frequency Identification technology in a number of NEXUS lanes. This technology allows faster secure capture of individual traveller information while in the Primary Inspection Line prior to their arrival at the primary inspection booth in the highway mode.
These developments are included in the updated NEXUS PIA submitted to the Office of the Privacy Commissioner in January 2017.
Protecting your Personal Information
The following personal information elements will be collected and managed by the NEXUS program:
- full name
- contact information
- employment information
- signature
- biographical information
- biometric information (iris captured for air travel only)
- citizenship
- criminal checks/history
- date of birth
- credit card information (if not paying by certified cheque or money order); and
- identification numbers such as those contained on the birth certificate, driver's license or passport, work/study permits, permanent resident cards, etc.
- fingerprints (collected by U.S. CBP only)
Personal information is not disclosed to other federal departments during the risk assessment process. Rather, the CBSA uses the information to run queries in other institution's databases, which the CBSA has access to such as: the Royal Canadian Mounted Police's criminal information database; Immigration, Refugees and Citizenship Canada's (IRCC) databases; the National Crime Information Center of the U.S. ; and, the CBSA customs database.
The pass/fail result of the risk assessment at initial application and during periodic and ad hoc risk assessments is shared with CBP as part of the eligibility and continued eligibility determination processes. Pursuant to s.107 of the Customs Act, information regarding admissibility may be disclosed to IRCC and within the CBSA to enforce the Immigration and Refugee Protection Act and the Customs Act respectively, and information may be shared with accredited domestic law enforcement agencies engaged in the administration or enforcement of the law, and in the detection, prevention, or suppression of a crime. CBP conducts its own risk assessment process against its respective domestic law enforcement, immigration, customs, and criminal and intelligence databases. CBP shares only the pass/fail result with the CBSA. For both the CBSA and CBP, the reason for rejection of an application or cancellation of a membership is not shared between the two agencies.
Right of Access
A Privacy Notice statement appears on the GOES screen when applying on-line. The Privacy Notice statement describes the purpose, use, disclosure and retention of personal information collected or created as part of the NEXUS program.
Pursuant to the Privacy Act and its regulations, the Canada Evidence Act and the Customs Act, the retention periods for NEXUS information are as follows:
Electronic and paper applications may be destroyed according to the following schedule:
- Rejected applications for NEXUS: The application forms and accompanying documents may be destroyed two years after the redress period has expired if there has been no request for redress.
- Successful applicants for NEXUS: The applications may be destroyed six years after the date on which an application is approved.
- Where the Canadian Processing Centre is scanning and creating electronic records of application forms, the paper applications may be destroyed once electronic copies have been made. The electronic copies should be retained according to the same paper application retention schedule above.
Biometric information may be destroyed according to the following schedule:
- Rejected applicants to NEXUS: Original iris scans are retained for at least two years, then destroyed.
- Successful applicants to NEXUS: Only approved members are required to provide a photograph and fingerprints (fingerprints are collected by CBP only and are not shared with the CBSA). The retention period for the photograph and the initial iris scan taken at the time of enrolment is at least two years or the length of the membership, whichever is longer. Iris templates used to identify a member at time of passage are kept for a period of two years following each passage.
You may formally request access to your personal information, or access to corporate records related to or created by the NEXUS program by contacting the Access to Information and Privacy Division. More information about Access to Information and Privacy.
Accountability
If you have concerns about the collection, use, disclosure or retention of your personal information, you may issue a complaint to the CBSA Access to Information and Privacy Division. Complaints should be made in writing and include your name, contact information, and a brief description of your concerns. Contact the Access to Information and Privacy Division at the CBSA.
If you are denied or revoked from the NEXUS program by CBP, you will be provided the process for seeking clarification in writing. You may also appeal the decision by writing to the CBP Trusted Traveller Ombudsman. Further information on these processes can be found on the U.S. Customs and Border Protection web site.
If you are denied membership in the NEXUS program or are cancelled or suspended from the program by the CBSA, you may write to the Recourse Directorate at Headquarters or on-line to request a review of the decision within 90 days of the date shown on the NEXUS letter. Visit CBSA's NEXUS Recourse information section for further information on these processes.
- Date modified: