Summaries of Privacy Impact Assessments

The Canadian Race Relations Foundation is committed to the protection of personal information used in the course of providing programs and services to its employees and the public.

Privacy Impact Assessments (PIAs) ensure that all activities requiring the collection, use, disclosure, retention, and disposition of personal information are carried out in accordance with the federal Privacy Act and recognized privacy principles. PIAs ensure that privacy risks associated with those activities are identified and resolved or mitigated to the extent reasonable.

In accordance with Treasury Board of Canada Secretariat (TBS) requirements, a copy of each PIA is provided to the Office of the Privacy Commissioner of Canada and to TBS for review, and, a summary of each completed PIA is published here.

Government Institution: Canadian Race Relations Foundation

Official Responsible for the PIA
Angela Lee, Director of Partnerships and Research

Head of the government institution or Delegate for section 10 of the Privacy Act
Arsalan Tavassoli, Director of Finance and Administration, and ATIP Coordinator

Name of Activity: National Anti-Racism Fund

Description of the class of record and personal information bank:

Funding Opportunities Class of Record [Under Development]
Funding Opportunities Personal Information Bank [Under Development]

Legal Authority for activity:
Canadian Race Relations Act

Description Summary:

In line with its mandate under the Canadian Race Relations Foundation Act, the Canadian Race Relations Foundation (“CRRF”) has established a National Anti-Racism Fund (the “Fund”) to support organizations to combat racism, promote events and education, and build a more anti-racist society. Starting in January 2022, the Fund will be disbursed to support four broad policy objectives:

1. Reducing systemic racial barriers: Reducing barriers to inclusion by addressing systemic racism in education, healthcare, the justice system, public services, employment, and public life.
2. Research and education: Promoting and increasing availability and accessibility of data, evidence, and community insights on race relations in Canada.
3. Public awareness: Informing public policies by highlighting systemic and institutional barriers.
4. Cultural and intercultural community building: Creating cross-cultural opportunities through discussions and dialogue on race, religion, building awareness, and collaborations.

PIA Scope:

The PIA analyzed the personal information practices associated with the National Anti-Racism Fund in accordance with TBS privacy policy requirements. A mitigation plan was prepared to address any identified privacy risks. As PIAs are evergreen documents, the CRRF commits to revisiting the report’s content in the event of substantive changes to the personal information management practices associated with this funding opportunity, and future opportunities.

The following section contains standardized risk categories identified in the PIA report per the TBS requirements for a core PIA. The common, numbered risk scale is utilized in ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area.

A) Type of program or activity
Risk scale – 1: Program or activity that generally does not involve a decision about an identifiable individual.

B) Type of personal information involved and context
Risk scale – 1: Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program.

C) Program or activity partners and private sector involvement
Risk scale – 3 & 4: Other federal institutions and private sector organizations

D) Duration of the program or activity:
Risk scale – 3: Short-term activity.

E) Program population
Risk scale – 3: The program’s use of personal information for limited administrative purposes

F) Technology & privacy
Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

Yes – Use of SurveyMonkey Apply

Does the new or modified program or activity require any modifications to IT legacy systems and/or services?

No

The new or modified program or activity involves the implementation of one or more of the following technologies:

• Enhanced identification methods? No
• Use of Surveillance? No
• Use of automated personal information analysis, personal information matching and knowledge discovery techniques? No

G) Personal information transmission
Risk scale – 2: The personal information is used in a system that has connections to at least one other system.

H) Privacy breach risk impact
Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee? LOW

Potential risk that in the event of a privacy breach, there will be an impact on the institution? LOW