Executive Summary
NEXUS Privacy Impact Assessment
NEXUS is a bi-national Canada-United States (U.S.) program managed by the Canada Border Services Agency (CBSA) and U.S. Customs and Border Protection (U.S. CBP). The Trusted Traveller Programs Unit of the Travellers Programs at the CBSA is the Office of Primary Interest (OPI) for NEXUS.
NEXUS allows customs and immigration border clearance processes to be streamlined for pre-approved, low-risk travellers, and permits the CBSA and the U.S. CBP to allocate their resources more effectively at the border. Membership is five years and provides expedited border clearance into Canada and the U.S. in the land, air and marine travel modes. In 2002, the NEXUS program was delivered in a travel mode specific format, beginning with the NEXUS Highway Program. Subsequently in 2006, the NEXUS suite of programs was harmonized to provide members with expedited travel privileges in all three travel modes (land, air and marine). NEXUS members use dedicated lanes in the highway mode, self-serve kiosks in the air mode and report through the Telephone Reporting Centres (TRC) in the marine mode.
To become a member of the NEXUS program, an applicant submits an electronic application form through the Trusted Traveler Programs (TTP) System (formerly the Global Online Enrollment System (GOES)) which is maintained by the U.S. CBP. It should be noted that the U.S. CBP uses the personal information collected from an applicant to perform its own risk assessment and make its own decision whether to pass/fail an applicant based on the information provided, a process that is not within the scope of this Privacy Impact Assessment (PIA). The U.S. CBP then forwards the personal information electronically through their Global Enrolment System (GES) to the CBSA’s Global Enrolment Component (GEC) of the Integrated Customs System (ICS) where it is assessed against a variety of enforcement databases to determine program eligibility. The personal information entered by the applicant is used by the CBSA and the U.S. CBP to confirm their identity and to determine the eligibility of an applicant and the continued eligibility of a member.
Note: In an effort to modernize the application process, effective , the CBSA eliminated paper application forms. However, the Canadian Processing Centre (CPC) continues to process any NEXUS paper applications received after this date in order to minimize the impact to applicants. Individuals expressing interest in applying to the NEXUS program are being advised to submit their application online through the TTP System as this is now the sole application method available.
When an applicant is accepted as a NEXUS member, periodic risking is performed as well as ad hoc risking based on cause. Also, an assessment is performed at each passage to confirm if there have been any infractions that would result in the revocation of the membership or in the inadmissibility of the member into either Canada or the U.S.
On , a PIA for the NEXUS program was submitted to the Office of the Privacy Commissioner of Canada (OPC). Observations and recommendations made by the OPC in August 2011 were addressed, and communication with the OPC continued as the NEXUS program evolved.
Subsequent developments were included in the updated NEXUS PIA that was submitted to the OPC in early 2017. In a response letter from the OPC dated , there were no specific comments or recommendations provided on the PIA.
Existing NEXUS kiosks are now reaching their end-of-life. In response, the CBSA has developed a new initiative, NEXUS Modernization, which aims to reduce program costs and improve processing by replacing iris biometric with facial biometric verification. This initiative will shift NEXUS processing of travellers to the Primary Inspection Kiosk (PIK) public-private partnership model, using facial biometrics to facilitate traveller processing and enable simplified updating and maintenance of hardware. To facilitate this move, the CBSA will be leveraging the high-quality photograph on the ePassports of existing NEXUS members and new applicants. In more detail, binary encoded characters are extracted from the ePassport that are converted into an image format (JPG/PNG), stored and communicated to the Airport Authorities (AA) when a NEXUS member is using a NEXUS Kiosk. Iris biometrics will continue to be used until facial biometrics are fully implemented, which is expected to happen in early 2020. The update to the NEXUS PIA will explain in more detail how this process works and any associated risks.
Protecting your Personal Information
The following personal information elements will be managed by the NEXUS program:
- full name
- contact information
- signature
- biographical information
- biometric information (for air travel only)
- citizenship status
- criminal checks/history
- date of birth
- credit card information (if not paying by certified cheque or money order)
- identification numbers such as those contained on the birth certificate, driver’s license or passport
Personal information collected during the application process is protected by the Customs Act and the Privacy Act and is only disclosed to other federal departments for the purpose of the operation of the NEXUS program and pursuant to the relevant Canadian laws and regulations governing such disclosure. The CBSA uses the personal information collected to query various enforcement and information databases to which the CBSA has access, including the following:
- Canadian Police Information Centre (CPIC) – Royal Canadian Mounted Police (RCMP) – contains criminal records
- National Crime Information Center of the United States (NCIC) – contains U.S. national intelligence information – wants/warrants and criminal records
- Integrated Customs Enforcement System (ICES) – CBSA – contains customs seizures for a period of six years plus the current year and current data. ICES also contains customs/immigration lookouts as well as Wants and Warrants and
- Interdiction and Border Alert System (IBAS) – CBSA – accumulates data to allow high-speed/high-volume querying by other applications against multiple sources including the Immigration, Refugees and Citizenship Canada’s (IRCC) Global Case Management System (GCMS), information related to Criminal Removals, Lost, Stolen, Fraudulent documents (LSFDs) and Criminal Records in Canada and the U.S.
The pass or fail result of the risk assessment both at initial enrolment and during periodic risk assessment is shared with the U.S. CBP as part of the eligibility and continued eligibility determination process. Pursuant to section 107 of the Customs Act, information regarding admissibility may be disclosed to IRCC and within the CBSA to enforce the Immigration and Refugee Protection Act and the Customs Act respectively, and information may be shared with accredited domestic law enforcement agencies engaged in the administration or enforcement of the law, and in the detection, prevention, or suppression of a crime. The U.S. CBP conducts its own risk assessment process against its respective domestic law enforcement, immigration, customs and criminal and intelligence databases to determine the applicant’s eligibility and continued eligibility into the NEXUS program. The U.S. CBP shares only the pass or fail result with the CBSA. For both the CBSA and the U.S. CBP, the reason for rejection of an application or cancellation of a membership is not shared between the two agencies.
The collection of information for the NEXUS program is used to determine an applicant’s eligibility for inclusion in the program as well as their ongoing eligibility.
Right of Access
A Privacy Notice statement appears on the paper application form and is also presented on the TTP System screen when applying on-line. The Privacy Notice statement describes the purpose, use, disclosure and retention of personal information collected or created as part of the NEXUS program.
Pursuant to the Privacy Act and its regulations, the Canada Evidence Act and the Customs Act, the retention periods for NEXUS information are as follows:
Electronic and paper applications may be destroyed according to the following schedule:
- Rejected applications for NEXUS: The application forms and accompanying documents may be destroyed two years after the redress period has expired if there has been no request for redress. This information is kept in order to satisfy Privacy Act requirements to keep personal information for two years following the last administrative use and to allow refused applicants the opportunity for redress.
- Successful applicants for NEXUS: The applications may be destroyed six years after the date on which an application is approved. The retention period for the accompanying documents is two years following the last time the personal information was used for an administrative purpose.
- Where the Canadian Processing Centre (CPC) is scanning and creating electronic records of application forms, the paper applications may be destroyed once electronic copies have been made. The electronic copies should be retained according to the same paper application retention schedule above.
Biometric information may be destroyed according to the following schedule:
- Rejected applicants to NEXUS: Failed applicants do not provide any biometric data.
- Successful applicants to NEXUS: Only approved members are required to provide a photograph for their NEXUS card and fingerprints (collected by U.S. CBP only and not shared with the CBSA). Iris biometrics are being phased out and replaced with facial biometric matching using the ePassport photo. The retention period for the NEXUS card photograph and the initial iris scan taken at the time of enrolment is at least two years. Iris templates (unique signature of the various points of interest of the iris) and the ePassport photo used to identify a member at time of passage are kept for a period of two years following each passage.
Applicants may formally request access to their personal information or access to corporate records related to or created by the NEXUS program by contacting the Access to Information and Privacy Division. More information about this can be found on the CBSA website:
Accountability
If the applicant has concerns about the collection, use, disclosure or retention of their personal information, they may issue a complaint to the CBSA ATI and Privacy Division. Complaints should be made in writing and include the applicant’s name, contact information and a brief description of their concerns. Contact information for the ATI and Privacy Division at the CBSA can be found on the CBSA website:
If a membership is revoked from or an applicant is denied membership to the NEXUS program by the U.S. CBP, the process for seeking clarification in writing will be provided. An applicant or member may also challenge the decision by contacting the local trusted traveller Enrolment Centre (EC) or by writing to the U.S. CBP Trusted Traveller Ombudsman. Further information on these processes can be found on the CBP website:
If an applicant is denied membership to the NEXUS program or a membership is cancelled or suspended from the program by the CBSA, you may write to the Recourse Directorate at Headquarters or submit an E-appeal on-line to request a review of the decision. The request for review must be submitted within 90 days from the date the rejection, suspension or cancellation of the membership. The 90 day period becomes effective either immediately when notified in person or fifteen days after the notice is mailed to the applicant or member. Further information on these processes can be found on the CBSA website:
- Date modified: