Summaries of Privacy Impact Assessments
The Canadian Race Relations Foundation is committed to the protection of personal information used in the course of providing programs and services to its employees and the public.
Privacy Impact Assessments (PIAs) ensure that all activities requiring the collection, use, disclosure, retention, and disposition of personal information are carried out in accordance with the federal Privacy Act and recognized privacy principles. PIAs ensure that privacy risks associated with those activities are identified and resolved or mitigated to the extent reasonable.
In accordance with Treasury Board of Canada Secretariat (TBS) requirements, a copy of each PIA is provided to the Office of the Privacy Commissioner of Canada and to TBS for review, and, a summary of each completed PIA is published here.
PIA Summary for National Anti-Racism Fund (March 2022)
Section 1 – Overview & PIA Initiation
Government Institution: Canadian Race Relations Foundation
Official Responsible for the PIA
Angela Lee, Director of Partnerships and Research
Head of the government institution or Delegate for section 10 of the Privacy Act
Arsalan Tavassoli, Director of Finance and Administration, and ATIP Coordinator
Name of Activity: National Anti-Racism Fund
Description of the class of record and personal information bank:
Funding Opportunities Class of Record [Under Development]
Funding Opportunities Personal Information Bank [Under Development]
Legal Authority for activity:
Canadian Race Relations Act
In line with its mandate under the Canadian Race Relations Foundation Act, the Canadian Race Relations Foundation (“CRRF”) has established a National Anti-Racism Fund (the “Fund”) to support organizations to combat racism, promote events and education, and build a more anti-racist society. Starting in January 2022, the Fund will be disbursed to support four broad policy objectives:
- Reducing systemic racial barriers: Reducing barriers to inclusion by addressing systemic racism in education, healthcare, the justice system, public services, employment, and public life.
- Research and education: Promoting and increasing availability and accessibility of data, evidence, and community insights on race relations in Canada.
- Public awareness: Informing public policies by highlighting systemic and institutional barriers.
- Cultural and intercultural community building: Creating cross-cultural opportunities through discussions and dialogue on race, religion, building awareness, and collaborations.
Section 2 – Risk Identification & Categorization
The following section contains standardized risk categories identified in the PIA report per the TBS requirements for a core PIA. The common, numbered risk scale is utilized in ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area.
A) Type of program or activity
Risk scale – 1: Program or activity that generally does not involve a decision about an identifiable individual.
B) Type of personal information involved and context
Risk scale – 1: Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program.
C) Program or activity partners and private sector involvement
Risk scale – 3 & 4: Other federal institutions and private sector organizations
D) Duration of the program or activity:
Risk scale – 3: Short-term activity.
E) Program population
Risk scale – 3: The program’s use of personal information for limited administrative purposes
F) Technology & privacy
Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?
Yes – Use of SurveyMonkey Apply
Does the new or modified program or activity require any modifications to IT legacy systems and/or services?
The new or modified program or activity involves the implementation of one or more of the following technologies:
- Enhanced identification methods? No
- Use of Surveillance? No
- Use of automated personal information analysis, personal information matching and knowledge discovery techniques? No
G) Personal information transmission
Risk scale – 2: The personal information is used in a system that has connections to at least one other system.
H) Privacy breach risk impact
Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee? LOW
Potential risk that in the event of a privacy breach, there will be an impact on the institution? LOW