Human Resources Management System

Privacy impact assessment (PIA) summary

Overview

The Human Resources Management System (HRMS) is a national system that provides direct access to Human Resource (HR) information. It allows HR professionals to administer HR functions electronically by capturing a wide range of employee information including:

• career plans
• certifications
• dependents
• discipline
• education
• employment equity
• grievances
• health and safety and accident reporting
• language skills
• leave and leave entitlements
• skills
• tests, and
• training courses

HRMS also allows employees to electronically:

• access and update their personal information including:
  • addresses
  • marital status
  • phone numbers
  • the ability to self-identify
• view leave

Summary of risks and recommendations

General/overall use

Risk

Potential for personal information to be used for purposes for which it was not intended.

Recommendations for mitigation

Ensure that a memorandum of understanding exists for information provided to third parties and that it acknowledges their legal responsibility for the protection of personal information provided to them in accordance with:

• the Privacy Act, and
• the Personal Information Protection and Electronic Documents Act

Disposal

Risk

The HRMS application contains several categories of data. The collection of information did not commence for all categories upon initial implementation of the system.

Recommendations for mitigation

Develop electronic purging processes within the HRMS application according to established retention periods set out in CSC manuals.

Advise all stakeholders of the legal responsibility to dispose of personal information in accordance with Section 6 (3) of the Privacy Act.