Passenger Protect Program: Centralized Screening

Section 1 – Privacy Impact Assessment Overview

1. Name of Program or Activity:

Passenger Protect Program: Centralized Screening

2. Institution responsible for delivering Program or Activity:

Public Safety Canada (PS), in partnership with the Canada Border Services Agency (CBSA) and Transport Canada (TC).

3. Government Official Responsible for the Privacy Impact Assessment:

Senior Assistant Deputy Minister, National and Cyber Security Branch

4. Head of Institution/Delegate:

Senior Assistant Deputy Minister, National and Cyber Security Branch

5. Description of Program or Activity (from Results Framework):

The Passenger Protect Program (PPP) is an important part of Canada’s national security framework. The Secure Air Travel Act (SATA) provides the legal authority to the Minister of Public Safety and Emergency Preparedness (the Minister) to establish a list (commonly known as Canada’s “No Fly List” or the SATA list) of individuals if there are reasonable grounds to suspect that they will engage, or attempt to engage, in an act that would threaten transportation security, or travel by air to commit certain terrorism offences. To prevent a listed person from engaging in either of these acts, the Minister may issue a direction to air carriers to deny transportation or require additional screening prior to entering a sterile area of an airport or board an aircraft.

Under Part 6 of the National Security Act, 2017, a number of amendments were made to enhance the PPP and improve the way passengers are screened at airports. With the passage of the National Security Act, 2017 in 2019, the SATA was amended so that the Government of Canada (GoC) could take over the responsibility of screening passengers against the SATA list. Previously, air carriers were responsible for the screening process. The centralized screening model requires air carriers to provide the Minister (in practice, the CBSA, the centralized receiver of all electronic passenger manifests) with data, including names, dates of birth, and gender of each person who is on board or expected to be on board a flight to, from, or within Canada.

The CBSA’s centralized screening information technology (IT) solution will receive and vet the data against the SATA and Canadian Travel Number (CTN)^{Footnote 1} lists. Should there be a potential match to the SATA list, an electronic inhibit message is sent to air carriers to prevent an individual from checking-in to their flight until the potential match is de-conflicted. TC’s newly established Passenger Protect Program Operations Centre (TC PPPOC) will determine whether there is a true or false-positive match. If there is a true match, the Minister may issue a direction to either deny transportation or require additional screening. Centralized screening will enhance national security and public safety by determining, early in the travel continuum, whether a traveller is in fact on the SATA list. This means that fewer travellers will be delayed by having to present themselves at an air carrier service counter to obtain a boarding pass and screening will be conducted in a more consistent and rigorous manner.

6. Class of records associated with the program or activity:

With respect to the PIA identified in this Summary, a COR has been updated to include:

Record Number: PS NCSB 05

For PS, it includes records related to Centralized Screening and the CTN Office. Centralized Screening requires air carriers to provide the Minister with prescribed data on each person who is on board or expected to be on board an aircraft for any flight captured under the Secure Air Travel Regulations (SATR), if that information is in the air carrier’s control, within a prescribed time and manner. The CTN Office supports government-controlled centralized screening by facilitating pre-flight verification of passengers’ identity. Records include personal information related to individuals or parents/legal guardians/tutors (applying on behalf of a child or children) who apply for a CTN.

Record Number: TC ASE 007

For TC, records relate to the development and implementation of operations control, equipment, the Transportation Security Information System (TSIS), airport security inspections, audits, enforcement, and risk evaluations related to the SATA in order to ensure the security of Canada’s airports and passengers. This also includes records about the accreditation of inspectors and the PPP.

Record Number: Under Development

For the CBSA, it may include records related to the establishment or use of electronic systems used to administer or manage the program including Data Acquisition System (DAS) / DAS Monitoring (DASMON), Client Profile System (CPS), Internet Advance Passenger Information (API) Gateway (IAG), Passenger Information System (PAXIS) / PPPOC System, and Integrated Border Alert System (IBAS).

7. Personal Information Bank:

With respect to the PIA identified in this Summary, a PIB needs to be updated, and registered to include:

For TC, this bank describes information relating to the Passenger Protect Program (PPP) held by TC for the purposes of PPP Operations. The SATA list is established under Public Safety’s authority and includes the name (given name, surname), any known alias, date of birth and gender of these individuals. TC may access names and supporting information, such as case briefs, which provide identifying information on an individual, as well as sufficient information necessary to support the addition of the individual’s name to the SATA list.

For the CBSA, this bank describes information about individuals expected to be on board or who are on board an air carrier that is mandated under the SATR. Air carriers are required to provide data relating to all passengers flying into, out of, or within Canada. For the purpose of PPP, the following personal data elements are required: surname, first name, and middle name(s) if any, date of birth, gender, unique identifier – CTN (if provided), reservation record locator number (if provided), unique passenger reference assigned to the passenger by the air carrier, and if in their control, the citizenship or nationality, as well as travel document information (passports and permanent resident cards issued by Canada or the United States only). This information will be used to query against the SATA and CTN lists for the purpose of PPP.

8. Legal Authority for Program or Activity:

The PPP was established in 2007 under the Aeronautics Act with a mandate to protect national security and identify and prevent individuals who may pose an immediate threat to aviation security from boarding a flight. In June 2015, the SATA came into force, providing a stronger legislative framework for the PPP, including expanding the mandate of the program beyond aviation security to encompass travel by air for terrorism purposes.

The National Security Act, 2017 created the legal authority to amend the SATA to make improvements to the way passengers are screened at airports. Amendments to the SATA received Royal Assent in 2019. The SATR were also amended in order to ensure alignment with the legislation.

The authority to collect and disclose information is granted under Sections 10 to 14 of the SATA. This PIA is multi-institutional as TC and the CBSA provide assistance to the Minister for centralized screening. Responsibilities are governed by a Memorandum of Understanding.

9. Summary of the project / initiative / change:

The National Security Act, 2017 created the legal authority to amend the SATA to make improvements to the way passengers are screened at airports. Previously, air carriers screened passenger information against the SATA list before passengers received a boarding pass. Under Government-controlled centralized screening, the GoC will screen passenger information against the SATA list. This will ensure effective, consistent, and rigorous screening while improving privacy and fairness.

PS, with assistance from TC and the CBSA, will assume responsibility of the screening process. PS holds the overall authority for centralized screening and is accountable for its performance. The CBSA is responsible for screening passenger information against the SATA and CTN lists through its IT system. TC is responsible for de-conflicting potential matches to the SATA list and conducting oversight of air carriers. Lastly, air carriers will no longer be responsible for the screening process, but will be required to transmit passenger and flight information to the CBSA IT system.

Section 2 - PIA Risk Area Identification and Categorization

The following section contains risks identified in the PIA for the new or modified program. A risk scale has been included for each risk area lettered "a – f". The numbered risk scale is presented in ascending order: the first level represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area. Please refer to “Appendix C” of the TBS Directive on PIAs to learn more about the risk scale.

a) Type of program or activity

• Risk Scale – 2: Administration of program or activity and services

b) Type of Personal Information Involved and Context

• Risk Scale – 4: Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive.

c) Program or Activity Partners and Private Sector Involvement

• Risk Scale – 1: Within the institution (amongst one or more programs within the same institution)
• Risk Scale – 2: With other government institutions.
• Risk Scale – 4: Private sector organizations or international organizations or foreign governments.

d) Duration of the Program or Activity

• Risk Scale – 3: Long-term program

e) Program Population

• Risk Scale – 3: The program affects certain individuals for external administrative purposes

f) Technology and Privacy

• Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information? Yes
• Does the new or modified program or activity require any modifications to IT legacy systems and / or services? Yes
• The new or modified program or activity involve the implementation of one or more of the following technologies:
  • Enhanced identification methods? No
  • Use of Surveillance? No
  • Use of automated personal information analysis, personal information matching and knowledge discovery techniques? Yes

g) Personal Information Transmission

• Risk Scale – 2: The personal information is used in a system that has connections to at least one other system
• Risk Scale – 4: The personal information is transmitted using wireless technologies.

h) Risk Impact to the Institution:

• Risk Scale – 4: Reputation harm, embarrassment, loss of credibility

i) Risk Impact to the Individual or Employee

• Risk Scale – 1: Inconvenience
• Risk Scale – 2: Reputation harm, embarrassment
• Risk Scale – 3: Financial harm

Date modified:

2021-07-16