Privacy Impact Assessment of the Forms for the Complaint and Dispute Resolution Program

Table of Contents

• Background
• Scope of Work, Methodology and Approach
• Section 1: Overview and PIA Initiation
• Section II: Risk Area Identification and Categorization

Background

The Canadian Transportation Agency (Agency) is an independent, quasi-judicial tribunal established under the Canada Transportation Act, S.C. 1996, c. 10, as amended (CTA). It makes economic determinations and resolves disputes on a wide range of matters involving air, and federal rail, marine and bus transportation under the CTA. Transportation users and service providers turn to the Agency for dispute resolution about transportation services; rates, fees and charges; terms and conditions of carriage; and accessibility matters. The Agency offers various dispute resolution options, including facilitation, mediation, arbitration, final offer arbitration and formal adjudication. 

One of the key tools the Agency uses in carrying out its mandate is the Canadian Transportation Agency Rules (Dispute Proceedings and Certain Rules Applicable to All Proceedings) [Dispute Adjudication Rules], which set out the overall procedures, processes and general timelines applied by the Agency. The Dispute Adjudication Rules are a revised version of the Canadian Transportation Agency General Rules, which were in place since 2005.

As such, the Dispute Adjudication Rules establish specific procedures designed for the adjudication of disputes. The  revisions made to the General Rules put in place significant improvements to benefit users of the Agency’s services.

The Agency took on a phased approach in amending the General Rules:

1. Phase 1 Amendment: On June 3, 2013 the Agency amended the General Rules from a two member quorum for making decisions to a one member quorum.
2. Phase 2 Amendment: The implementation of the remaining amended rules came into effect in June 2014. The revised General Rules contain new Rules of Procedure for Adjudicating Disputes, which are intended to enhance the clarity, transparency and predictability of the formal adjudication process in dispute proceedings.

In anticipation of the new Dispute Adjudication Rules, the Agency developed new forms to be used by individuals as a resource tool in support of the new Rules. The forms, which are not mandatory for individuals to complete, are suggested by the Agency as they incorporate specific information requirements that are set out in schedules to the new Rules to improve the completeness of filings with the Agency, and help ensure that the Agency’s processes are as efficient and effective as possible. 

This PIA focuses on both the Agency's newly developed forms and revised forms for complaints (i.e. air travel complaints and disability/accessibility-related complaints related to air, rail, marine, and interprovincial buses) in relation to the new Dispute Adjudication Rules. Specifically, the PIA has reviewed the business processes and data flows of personal information associated with:

• Eighteen new procedural forms; and two revised forms for air travel complaints and disability/accessibility-related complaints – all of which collect personal information;
• The process for the electronic submission of forms via Linoma software – a managed file transfer (MFT) and secure file transfer protocol (FTP) solution for streamlining and automating file transfers between clients, stakeholders and the Agency; and,
• The processes for the end-to-end management of personal information within the Agency through the dispute adjudication process.

Scope of Work, Methodology and Approach

The scope of this PIA is restricted to the business process and basic data flows of personal information associated with the dispute adjudication process only.

Personal Information

For federal government institutions, personal information is very broadly defined as, “… information about an identifiable individual that is recorded in any form”. The applicable definition of personal information is contained in section 3 of the Privacy Act. This definition, although lengthy, is not exhaustive, as indicated by the introductory phrase, “…including, without restricting the generality of the foregoing”, prior to the list of examples. Information that is not specifically mentioned in the list may still be included in the definition of personal information if it qualifies as “…information about an identifiable individual.” 

The dispute adjudication process involves the collection and management of personal information of individuals making a complaint and their authorized representatives (if applicable). The types of personal information include:

• Full name and contact information (i.e. mailing address, telephone numbers, email address)
• Age
• Marital status
• Financial information (i.e. receipts, credit card statements)
• Travel information (i.e. tickets, reservation numbers, cities travelled – to and from)
• Medical condition for persons with disability or accessibility issues
• Opinions, views of, or about individuals
• Signatures

Privacy Requirements

The Agency is subject to the Privacy Act and, therefore, is required to comply with its requirements concerning the collection, use, disclosure, and protection of personal information. In addition, the Agency must comply with Treasury Board Secretariat policies and directives related to privacy, specifically:

• Policy on Privacy Protection 
• The Directive on Privacy Practices
• The Directive on Privacy Impact Assessment (PIA)

Section 1:  Overview and PIA Initiation

1. Senior Official Responsible

For the purposes of the Privacy Act, the Chair and Chief Executive Officer is the head of the Canadian Transportation Agency, including the requirement for the creation of Personal Information Banks (PIBs) as described in subsection 10(1) of the Privacy Act. The Chair and Chief Executive Officer has delegated the authorities found in section 10 of the Act to the Coordinator, Access to Information and Privacy.

Government Official responsible for the PIA

Director General, Dispute Resolution Branch

Delegate for section 10 of the Privacy Act

Senior Manager, Information Services, Shared Services Projects and ATIP Coordinator

2. Description of the class of records associated with the program or activity:

A review of the Agency's current Info Source Chapter appropriately shows the classes of records in support of the Agency's programs and activities

3. Corresponding PIBs:

The personal information collected, used, disclosed and retained by Agency programs is appropriately identified in the institution's Info Source Chapter.

It was proposed that PIBs be modified as a result of this activity. This has been done (December 31 2015).

4. Legal Authorities for Program or Activity:

• Canada Transportation Act
• A complaint under section 52 or 94 of the Canada Marine Act;
• A complaint under section 13 of the Shipping Conferences Exemption Act, 1987;
• An appeal under subsection 42(1) of the Civil Air Navigation Services Commercialization Act;
• An application under section 3 of the Railway Relocation and Crossing Act;
• A reference under sections 16 and 26 of the Railway Safety Act; or
• A notice of objection under subsection 34(2) of the Pilotage Act.
• Air Transportation Regulations
• Canadian Transportation Agency  Rules (Dispute Proceedings and Certain Rules Applicable to All Proceedings)

Section II:  Risk Area Identification and Categorization

This summarizes the privacy risks identified through the PIA process. Risk is defined by a factor of both impact and likelihood of occurrence. The goal of risk management is to maintain privacy risks within acceptable bounds. The higher ratings provide an indication of priority areas for implementing suggested risk mitigation mechanisms.

The Agency is a moderately compliant organization in terms of privacy risk; one high risk and three low risks have been identified. This, however, is not unusual at the development state of a project or process, and the risks can be more commonly considered gaps that have yet to be addressed by the project as opposed to active risks. The risk level relates to the extent to which the gap was not addressed at the time of implementation and “go-live”.

a) Type of Program or Activity

Score: 2:  Administration of program or activity and services

Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs, including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc.).

Administration of Program/Activity and Services: The Agency is an independent, quasi-judicial tribunal established under the Canada Transportation Act, S.C. 1996, c. 10, as amended. The Agency resolves disputes in the interest of users, service providers and others affected by the federal transportation network through access to a specialized dispute resolution system of formal and informal processes for rail, air, marine and interprovincial bus transportation matters within the federal transportation network.

The Agency is bound by the rules of procedural fairness and must make its decision based on the evidence on file. It is therefore up to the parties to plead their case before the Agency. The Agency must remain impartial at all times.

In the case of a formal complaint process, the Agency will render a formal decision upon completion of the pleadings stage. Formal decisions are public documents and are posted on the Agency's Web site. They contain the names of the parties involved in the dispute, a brief description of the incident, a summary of the pleadings, an analysis of the complaint and the Agency's conclusions and any corrective action that it has ordered.

b) Type of Personal Information Involved and Context

Score: 3: Social insurance number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive, personal information of minors or a representative acting on behalf of the individual.

Personal information, with no contextual sensitivities after the time of collection, provided by the individual with consent to also use personal information held by another source: personal information is currently collected in consideration of the Dispute Adjudication Rules. These Rules incorporate specific information requirements that are set out in schedules to improve the completeness of filings with the Agency, and to help ensure that the Agency’s processes are as efficient and effective as possible. Individuals and organizations can submit complaints to the Agency using the new and revised forms that have been developed by the Agency in support of the new Dispute Adjudication Rules. However, individuals and organizations can also submit information in person, or via regular mail, courier, facsimile and email in accordance with the Agency's instructions for doing so. Individuals or their authorized representatives and organizations submitting a complaint provide the Agency with their name, and contact information as well as information related to the complaint which may include ticket information, financial information (receipts, credit card statements).

Other sensitive personal information and/or the context surrounding the personal information is sensitive, for example: medical or other sensitive personal information and/or the context surrounding the personal information is sensitive; and personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual: currently personal information is collected in consideration of the Dispute Adjudication Rules. For individuals submitting accessibility/disability-related complaints, personal information as noted above may be provided to the Agency as well as more sensitive information may be provided relating to the individual's medical condition. The Agency provides notice to all individuals submitting complaints that any information they submit is part of the quasi-judicial decision-making process where these documents are considered public record and therefore available to the public.

c) Program or Activity Partners and Private Sector Involvement

Score: 1:Within the institution (amongst one or more programs within the same institution) 

Within the institution: The Agency provides a complaint process within each of the business activities identified below.

• Accessible Transportation
• Air Transportation
• Rail Transportation
• Marine Transportation

The complaints and dispute adjudication process has been streamlined within the Agency so that complaints applications are sent to the appropriate business activity within the Dispute Adjudication Directorate. The information provided via the complaint application is then assessed for completeness by the respective complaints officer in the applicable business activity. Complaint documents also circulate to Records for tracking in RDIMS and file creation; and may also involve Legal Services to the extent that legal counsel is required.

With other federal institutions: Other federal institutions may be involved in certain cases where they request intervenor status on issues related to their mandate.

Private sector organizations or international organizations or foreign governments: A copy of the complaint and related documents is provided to the party against which the complaint is filed. This is part of the quasi-judicial decision-making process where these documents are considered public record and therefore available to the public.

The Agency renders a formal decision upon completion of its investigation. Formal decisions are public documents and are posted on the Agency's Web site. They contain the names of the parties involved in the dispute according to the open court principle, a brief description of the incident, a summary of the pleadings, an analysis of the complaint and the Agency's conclusions and any corrective action that it has ordered.

There may be exceptional cases to warrant the omission of certain identifying information from a complaint and pleadings. Such omission may be considered when a claim for confidentiality is submitted by a party whereby evidence is provided to support such omission. In such situations, the Agency will decide whether a document is confidential or if the name of the individual is not to be disclosed. The Dispute Adjudication Rules refer to the distinction between the public and confidential records.

d) Duration of the Program or Activity

Score: 3: Long-term program - existing program that has been modified or is established with no clear “sunset”.

e) Program Population

Score: 3: The program affects certain individuals for external administrative purposes.

The dispute adjudication process affects those individuals (or their authorized representatives) and organizations submitting a complaint under the CTA. Decisions made as a result of the complaints process may affect the individuals involved, as well as the other party that is the subject of the complaint. For example, an order can relate to changes in a service provider's policies, procedures, equipment, etc. and can have a broad impact on persons, shippers, service providers, etc.

f) Technology and Privacy

Yes - the new or modified program or activity involves the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

A new Agency-wide, secure file transfer system is being implemented, Linoma software, but it will not be exclusive to the dispute adjudication process. This PIA will review only the implementation of such software on the dispute adjudication process. Other programs or activities implementing the Linoma software will be required to conduct their own review as applicable. Details of this PIA can be made available to such programs in the interest of sharing knowledge.

A TRA is complete in regards to the Linoma software on 2014-05-15

A website was added for the dispute adjudication process to the Agency's webprod2 server.

Specific technological issues

Does the new or modified program or activity involve the implementation of one or more of the following activities?

No - enhanced identification methods;

No - surveillance;

Yes - Use of automated personal information analysis, personal information matching and knowledge discovery techniques?

A link between records will take place, i.e. individuals will upload their complaint via secure file transfer (via Linoma) and key personal information such as:  name, last name, case ID, date and a sequential number will be matched and attached to the corresponding case in the Case Management System/RDIMS. This will ensure the accuracy of the information submitted, and that all files are complete.

g) Personal Information Transmission

Score: 3: The personal information is transferred to a portable device (USB key, diskette, laptop computer), to a different medium or is printed.

The personal information is used in a system that has connections to at least one other system: the information submitted via the Linoma software will be transferred to the Agency's Case Management System, which works in cooperation with the Agency's RDIMS system. It is noted that the Case Management System and RDIMS are not new systems used by the Agency.

The personal information is transferred to a portable device or is printed: all personal computers at the Agency are laptops.

Additional risks to note:  Although not part of normal operations, information that is transferred to a portable device such as a USB key, or that is printed cannot be ruled out. The Agency should ensure that its privacy management framework and information management procedures include measures to address the use of portable devices such as USB keys (i.e. measures addressing encryption of data, accountability if information is taken off site, consequences in light of loss, or breach of information, etc.)

Also, while the Agency does not currently employ wireless technologies, it may exist in the future under the Government of Canada's Workplace 2.0 initiative (http://www.tpsgc-pwgsc.gc.ca/biens-property/mt-wp/mt-wp-eng.html).

h) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee

In relation to the complaints and dispute adjudication process, the impact on individuals in the event of a privacy breach would in most cases result in loss of privacy causing some inconvenience to the individual.

In cases where the subject of a privacy breach includes the information of minors, or persons with disabilities (i.e. Information containing medical, psychiatric or psychological descriptions), the impact of loss of privacy would be much greater causing inconvenience, loss of reputation and even harm to the individual involved.

Were there to be a compromise to personal information in relation to the complaints and dispute adjudication process, it is likely that a review of tools and internal practices would be required. In addition, given the Agency's corporate strategic priorities, a compromise of personal information could result in the Agency's privacy reputation being damaged, which could subsequently result in embarrassment for the Agency and loss of trust from individuals and organizations using the Agency's services.