National Intercept Centre
Privacy impact assessment (PIA) summary
A Privacy Impact Assessment (PIA) has been conducted on the National Intercept Centre (NIC). The purpose of the assessment is to determine if there are any privacy issues associated with the activities occurring at the NIC, as described below and to provide recommendations for their mitigation or resolution.
The NIC is being established to ensure national oversight, administration and governance thereby reducing corporate risks and will more effectively leverage intelligence information obtained from intercepted communications to ensure the security of the institution and safety of any persons. The current legal authority for intercepting inmate communication remains unchanged. The changing factor is the centralization of said activities and the additional capabilities and safeguards provided by networking the intercept equipment enabling effective oversight and use of information gathered via the interception of communications.
The NIC will be staffed by trained and dedicated individuals who will be responsible for the interception of inmate communications. Staff will be located in a secure space identified by Real Property and Accommodations and approved by the Departmental Security Division (DSD). Intelligence gathered through interception activities will be disseminated to local intelligence personnel, ensuring the relevant CSC directives on the reporting, recording and sharing of information are met, and that the collection, use, disclosure, retention and disposal of personal information is done in accordance with the Privacy Act and Treasury Board policies.
CSC utilizes a system that allows for the recording of telephone communications when programmed to do so. The equipment that is currently stand-alone, will be networked together in a CSC and Shared Services Canada (SSC) designed, controlled and managed network that is approved by IT Security. As well as other capabilities, it will allow the NIC to assume the duties related to managing user accounts. This will ensure consistent application and documentation of the procedures in place for access control. This will include adding new accounts, removing old accounts and the regular auditing of the account access lists.
Collection, use, disclosure and retention of personal information:
Section 96(z7) of the CCRA provides the legal authority to monitor, intercept and prevent communications between an inmate and another person and therefore provides the grounds to conduct interception activities of inmate communications.
Section 94(1) of the CCRR stipulates that the institutional head may authorize that communications between an inmate and a member of the public be intercepted where the institutional head believes on reasonable grounds (a) that the communications contain or will contain evidence of an act that would jeopardize the security of the penitentiary or the safety of any person, and (b) that interception of the communications is the least restrictive measure available in the circumstances.
Commissioner’s Directive 568-10 - Interception of Inmate Communication provides the direction to staff and defines the prescribed circumstances under which the authorized interception of communications between an inmate and another person may be requested, authorized and conducted. The duration of the interception is also guided by CD 568-10 which limits a single interception authorization up to 30 consecutive days, with two additional options of 15 days each. Interception activities are currently conducted at the site level.
The relevant Personal Information Bank (PIB) is:
- Preventive Security Bank – CSC PPU 065
Consent is not required for the collection of an inmate’s personal information for interceptions of communications. Upon admission, CSC ensures that inmates are informed that they may be subject of an interception should the legislative requirements be met. When there is an interception of communication, inmates are promptly informed, in writing, of the reasons for the interception unless the information would adversely affect an ongoing investigation, in which case the inmate is informed of the reasons at the completion of the investigation. Signs are also displayed in all visiting areas, adjacent to all telephones that are used by inmates and any other area where inmates may engage in an oral communication or telecommunication with persons who are neither inmates nor members of the institutional staff, advising that their conversations and communications are subject to monitoring and may be recorded.
The information acquired through an interception activity is for the purpose of preventing acts that would jeopardize the security of the penitentiary or the safety of any person. In the event that other information of a personal nature is intercepted, the person conducting the interception is under an obligation to maintain the confidentiality of the communication and ensure that it is used only for the purpose for which it was collected.
Personal information will be used most often in compliance with section 8(2)(a) of the Privacy Act which states that personal information under the control of a government institution may be disclosed for the purpose for which the information was obtained or compiled by the institution or for a use consistent with that purpose. There may be situations in which section 8(2)(a) of the Privacy Act is not applicable, yet there is still a need to disclose information under section 8(2). For example, if there is a police investigation, a Production Order/subpoena, a request in writing has been received from the investigative body identified in Schedule I of the Privacy Act, or there is an existing Memorandum of Understanding in place authorizing said disclosure. Sections 25(1) and (3) of the CCRA also provide authority for disclosure of personal information in specific circumstances.
Intercepted communications are securely retained and assigned a retention period of three years from the last administrative action. If a specific recording or recordings need to be kept longer, the recording(s) will be marked accordingly on the audio recorder and will not be deleted regardless of the retention settings until the flag is removed. A manual retention expiry date will be put in place to ensure recordings identified as needing to be kept for longer than the three-year retention period are deleted when they are no longer required.
Other offender records in the Preventive Security file bank are retained until the offender reaches 70 years of age or until five years after the last warrant expiry date, whichever is longest. Historical records are transferred to Library and Archives Canada.
- Date modified: