Information & Ethics committee  In regard to privacy impact assessments, we really appreciate the interactions we have with the Office of the Privacy Commissioner. We have regular dealings with them. We like to engage them early in the development of a privacy impact assessment to get their ideas and to see wh

Information & Ethics committee  It's a good question. On a necessity test, I would say that the principle is already embedded in what we do every day. We don't collect information which we have no legal authority to collect. And we don't use it for a purpose for which we should not be using it. A necessity te

Information & Ethics committee  No, it would not. Granted, they're challenging and resource-intensive to put together, because they require a certain level of expertise, which you do not have normally in-house either within an ATIP office or within the agency or the program area. That is a challenge we need to

Information & Ethics committee  At CBSA we have policies that cover basically all possible legislative authorities for disclosure. We have a policy, for example, under section 107 of the Customs Act. We have a policy under the Privacy Act, section 8. We have a policy under SCISA. Granted, there might not be wri

Information & Ethics committee  At CBSA we do have a lot of privacy impact assessments under development. If I had to guesstimate, I would say we probably have 40 of them on the go right at the present time. We commonly do privacy impact assessments. We do an assessment of the need for privacy impact assessment

Information & Ethics committee  I would add that our agency records are always properly classified and properly designated. We have a departmental security officer who we follow regarding the strict security requirements on the safeguarding of the information. We have an IT infrastructure that keeps all of th

Information & Ethics committee  Similar to the situation at CRA, at the CBSA, the delegation of instruments is set up in such a way as to limit it to certain individuals. I have full delegated authority and so do some of my managers. I'm very independent. I've been director of ATIP since 2010 and I have oversee