The Canadian Cyber Incident Response Center's (CCIRC) Collection of Digital Information

Section 1 – Privacy Impact Assessment Overview

  1. Name of Program or Activity
    The Canadian Cyber Incident Response Center's (CCIRC) Collection of Digital Information

  2. Institution responsible for delivering Program or Activity
    Public Safety Canada

  3. Government Official Responsible for the Privacy Impact Assessment:
    CCIRC Director

    Head of Institution/Delegate:
    Senior Assistant Deputy Minister, National Security Branch

  4. Description of Program or Activity (from Program Activity Architecture) :

    National Security
    The National Security Program at Public Safety Canada exists to ensure Canada is prepared for and can respond to a range of national security threats. The threat environment faced by Canadians is becoming increasingly complex, underlining the relevance of this program for the security of Canadians. The National Security Program undertakes to coordinate the efforts of the Public Safety Portfolio and broader government departments and agencies on matters relevant to national security.  In order to achieve this, the program works cooperatively with operational and policy partners to provide the Government with strategic advice on rapidly evolving and often sensitive issues.  This advice complements the advice from Portfolio agencies that have operational expertise in such areas as intelligence collection and analysis, investigations or border control. The National Security Program also assists the Minister and Deputy Minister in fulfilling key statutory obligations, coordinates, analyses and develops policy on complex issues, including the listing and delisting of terrorist entities, radicalization leading to violence, the proliferation of weapons of mass destruction, and seeks to identify and close the gaps in Canada's ability to deal with national security related threats. Because of their complexity, importance, and potential impact on individual rights, national security legislation, programs and policies must be well founded, well governed, and well executed; this program plays a central role in supporting decision makers in achieving this goal on behalf of Canadians.

    Cyber Security
    This program furthers Canada's economic prosperity, national security and quality of life by better protecting the Government, private sector and Canadians from cyber threats. It provides whole of government leadership and coordination of cyber security nationally to improve Canada's cyber security posture. Program elements include: achieving cyber integrity of government to protect Canadians' information; partnering with the provinces, territories and private sector; and helping Canadians be secure online. The program aims to: strengthen the Government's capability to detect, deter and defend against cyber threats; build the Government's credibility as a trusted cyber security partner internationally and domestically; and promote awareness among other levels of government, the private sector, academia and individual Canadians. To strengthen capability, the Department exercises leadership and provides coordination to ensure the necessary policy, legislation and regulatory frameworks are in place for cyber security. Through its Canadian Cyber Incident Response Centre, the Department coordinates the federal response to cyber events and disseminates advisories and reports to federal departments, provincial governments and the critical infrastructure sectors. To build credibility, the Department engages with domestic and international stakeholders as a trusted partner sharing actionable intelligence to defend against cyber threats. To promote public awareness, the Department undertakes engagement and promotional activities with other levels of government, industry, academe and Canadians to drive lasting behavioral change.

  5. Description of the class of records associated with the program or activity:

    * Class of records under review and will be updated in Info Source 2012.

    Emergency Management Operations

    Information on Government of Canada operational emergency response capabilities and programs including information pertaining to the Federal Emergency Response Plan, the National Emergency Response System, the Government Operations Centre (GOC) and the Canadian Cyber Incident Response Centre (CCIRC). Under this program, the GOC delivers an all-hazard integrated federal emergency response to events in the national interest. It provides 24/7 monitoring and reporting, national-level situational awareness, integrated risk assessments and warning products, as well as national-level planning and whole-of-government response management. In parallel and in collaboration with the GOC, CCIRC focuses on operational-level, cyber-only whole-of-government response.

    Document Types: Memorandums, briefing notes and books, Question Period notes, reports, plans, presentations, evaluations, agreements, procedures, policies, maps, emails, lists, agendas, records of decision, letters, contracts and requests for proposals.

    Record Number: PS EMNS 050

    National Cyber Security Directorate

    Information that supports the development and implementation of Canada's cyber security strategy. This includes policies and measures to: strengthen the security of Government of Canada systems, partner with provinces, territories and industry that own or control critical systems, and promote public awareness.

    Document Types: Briefing notes, memorandums, agenda, presentations, contract and proposals.

    Record Number: PS EMNS 066

  6. Personal Information Bank:
    With respect to the PIA identified in this Summary, a PIB needs to be:
    • N/A – Class of personal information needs to be included in InfoSource.

  7. Legal Authority for Program or Activity:

    CCIRC's legal authority is based on the Department of Public Safety and Emergency Preparedness Act (DPSEP), and the Emergency Management Act (EMA).

    First, section 4 of the DPSEP gives the Minister of Public Safety a broad mandate with respect to public safety, emergency preparedness, and certain other matters. The Minister is authorized by this Act to assign departmental officials and branches within Public Safety the mandate of assisting him. Based on this authority, the Minister established CCIRC and its mandate.

    Second, the EMA outlines the responsibly of Public Safety's Minister in relation to emergency management in Canada. These responsibilities, among others, include monitoring potential or actual emergencies and advising ministers accordingly; establishing policies and programs related to emergency management; and, facilitating the authorized sharing of information in order to enhance emergency management.

  8. Summary of the project / initiative / change:
    The Canadian Cyber Incident Response Center (CCIRC) is the entity within the federal government entrusted with coordinating the response to cyber security incidents of national interest and protecting critical infrastructure. CCIRC is Canada's national computer emergency readiness team and its three main roles are to: (1) reduce cyber vulnerability and risk; (2) provide effective cyber response; and (3) coordinate with partners. As such, CCIRC's mandate and roles contribute to Public Safety's strategic objective to build a safe and resilient Canada.

    There are three main ways CCIRC collects personal digital information: (1) compromised data passed on to CCIRC by partners; (2) reports on compromised systems sent to CCIRC; and (3) incident research and assessment undertaken by CCIRC.
    1. Compromised data: Compromised data is often obtained from computers that have software installed on them that is designed to record and send individuals' keystrokes to unauthorized ‘malicious' entities. This data may contain personal information such as social insurance numbers (SIN), dates of birth, account usernames, passwords, and financial and medical information. As part of their cyber security initiatives and investigations, other countries sometimes acquire compromised data in the course of their respective investigations. Due to the trusted relationships that CCIRC currently shares with these countries, when Canadian content is discovered, these countries send this information to their established computer emergency response team counterpart in Canada (i.e. CCIRC).

    2. Reports: CCIRC receives daily /weekly information from private sector organizations, international partners, and other government institutions. This information may contain data on potentially compromised Canadian Internet Protocol (IP) addresses.  These IP addresses are identified using networks designed to monitor malicious activity; and/or the investigative efforts of a trusted partner or another cyber emergency response agency. CCIRC's partners may also share reports related to malicious activity that is detected against their systems.  These reports are normally presented in PDF or Word format and usually contain: (1) suspect IP addresses; (2) the time in which the activity occurred; and (3) depending on their detection programs (anti-virus), the type of malicious activity.
      • CCIRC has established information sharing agreements with two privact sector organizations (attached in Section VII) and plans to continue expanding this initiative.

    3. Research and analysis: CCIRC conducts daily research on both cyber threats against Canadian critical infrastructure sectors and partners.  This involves detailed review of open source internet sites that monitor computer based threats. In addition, CCIRC is involved in cyber incidents that may be brought to our attention through a third party in relation to our increasing position as a national leader in cyber security.  During these incidents, CCIRC staff may sometimes be involved in the analysis of software and/or hardware obtained in relation to malicious activities. As such, staff members may be exposed to personal, or trade specific
      information, that may be contained on the material they are analyzing. 

    Belonging to both the public and private sectors, CCIRC's stakeholders include the federal, provincial territorial and municipal governments; organizations within Canada's critical infrastructure sectors (health, finance, food, water, safety, energy and utilities, manufacturing, transportation, and information and communication technology); and educational institutions. In addition, CCIRC will exchange information with international allies, professional associations, vendors, non-government organizations and researchers, as they may possess specialized mitigation advice, best practices, detection indicators, and other information.

Section 2 - PIA Risk Area Identification and Categorization

The following section contains risks identified in the PIA for the new or modified program. A risk scale has been included for each risk area lettered "a – f". The numbered risk scale is presented in ascending order: the first level represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area. Please refer to “Appendix C” of the TBS Directive on PIAs to learn more about the risk scale.

  1. Type of program or activity
    Program or activity that does NOT involve a decision about an identifiable individual.
    Risk Scale - 1

  2. Type of Personal Information Involved and Context
    Social Insurance Number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive.
    Risk Scale - 3

  3. Program or Activity Partners and Private Sector Involvement
    Privacy sector organizations or international organizations or foreign governments
    Risk Scale - 4

  4. Duration of the Program or Activity
    Long-term program
    Risk Scale - 3

  5. Program Population
    The program affects certain individuals for external administrative purposes.
    Risk Scale - 3

  6. Technology and Privacy
    Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information? Yes

    Does the new or modified program or activity require any modifications to IT legacy systems and / or services? Yes The new or modified program or activity involve the implementation of one or more of the following technologies:
    • Enhanced identification methods? No
    • Use of Surveillance? No
    • Use of automated personal information analysis, personal information matching and knowledge discovery techniques? No

  7. Personal Information Transmission
    The personal information is transmitted using wireless technologies.
    Risk Scale – 4

  8. Risk Impact
    Risk Impact to the Institution:
    • Reputation harm, embarrassment, loss of credibility
    • Risk Scale - 4

    Risk Impact to the Individual or Employee
    • Financial harm
    • Risk Scale - 3
Date modified: