Electronic sharing of offender information via InfoPol with police forces

Privacy impact assessment (PIA) summary


InfoPol is a bilingual database designed by Correctional Service Canada (CSC) to share offenders' personal information electronically with police forces about offenders serving federal sentences who are paroled in the community or are actively being sought (suspended or revoked, unlawfully at large, escaped).

Police forces will access this information through a virtual private network (VPN) using an internet connection. The system also allows for the exchange of electronic correspondence between CSC and the staff and officers of police forces, which will provide additional capability for the direct and timely exchanges of essential information about the offenders.

Summary of risks and recommendation

General Use


Potential for information to be used for unauthorized purposes.

There is the potential of embarrassment for CSC should a police force misuse the personal information of an offender, which it had extracted from InfoPol.

Recommendations for mitigation

CSC has established contractual and technical measures to minimize the risks that police forces use the information in InfoPol for unauthorized purposes. CSC could develop an effective communications plan that could be used to explain the limitations of its action and responsibility in relation to the violation.

The PIA Team believes that the best way to respond to an occurrence resulting in potential embarrassment for CSC would be to make sure that the public understands the limitations of CSC's action and responsibility in that regards.

Retention and disposal


The possibility that the employees of police forces may reproduce and/or print some of the information to which they will have access and that they retain those copies beyond the schedules period for their disposition.

The possibility that the employees of polices forces improperly remove information from the system before the expiry of its retention schedule.

Recommendations for mitigation

These risks have always existed under the current arrangement and allowing police forces to access offenders' personal information via InfoPol instead of manually will not, in all probability, create those risks, especially when one considers that most police forces have been inputting the information they obtain manually from CSC onto their own information management systems.



CSC conducted a threat risk assessment (TRA) in relation to InfoPol in the fall of 2003.

Recommendations for mitigation

At the time of this PIA report, CSC authorities were in the process of addressing the technical security issues that were identified during the course of the TRA

Date modified: