ccmMercury is an off-the-shelf workflow product developed by WorkDynamics Technologies Inc. of Ottawa that is configured to provide users with access to one or more systems. ccmMercury has been in use at the Department of Foreign Affairs and International Trade (DFAIT) since 2001 and is used by departmental officials. The development of a Privacy Impact Assessment was part of the Department’s commitment to protect personal information. It also met the Management of Government Information Technology requirements obligating major departmental services to undergo a security and privacy assessment.
When ccmMercury was first implemented, a single system was deployed to manage the Ministerial correspondence process. Over the years, additional systems were deployed through ccmMercury as per the Department’s requirement. Each system is independent of other systems within the ccmMercury environment. ccmMercury is a database application designed to allow users to track the workflow of a record, including attaching related documents in many file formats. Its integration with an imaging solution allows a user to scan documents, and through the use of templates, documents such as standard replies and routing slips can be automatically created. Searching and reporting capabilities allow users to easily find and report on the data captured in a system.
A number of systems within ccmMercury capture personal information. The information captured is provided by the individual in the course of their communication with DFAIT, interaction with DFAIT Ministers and officials, in accessing internal employee support programs or in the course of employees performing assigned work. The information is provided through correspondence sent by the individual, verbally when a telephone call is placed by the individual, or in person when they access public or employee-oriented services. In all cases the information captured is provided by the individual or their representative. The information is used to provide a response to the individual seeking information from the Department, brief Ministers and/or departmental officials, maintain employee assistance case files and generate statistics to manage DFAIT employee assistance programs, and to track the workflow of records in the system and maintain system usage/audit information. In no case is the information accessible to anyone other than the users of the particular ccmMercury-based system which they access. In no case is the information shared across ccmMercury systems or with other external systems. In no case is the information used to prepare lists or to cross-reference individuals making contact with the Department.
The personal information captured is as follows:
The ccmMercury database is not integrated with any other system or database, nor is there any systematic or ad hoc sharing of data with other organizations. As such there is no opportunity for data to be intentionally or accidentally accessed or released during a transfer. Privacy risks are therefore limited to the intentional or accidental accessing or release of information directly from the ccmMercury database.
As a result of the Privacy Impact Assessment, two principal privacy risks were identified and mitigated as follows:
Unauthorized access can be gained by an external agent or internal staff by accessing the database or a copy of a backup tape. To protect against unauthorized access by external agents, DFAIT has employed a range of physical protections (firewalls, anti-virus and spyware software, monitoring software, secure data centre facility, etc.) and developed policies and procedures (threat risk assessments, account management/password policies, change management processes, etc.).
To protect against unauthorized access by internal staff, servers and tapes are located/stored in access-controlled locations and DFAIT has implemented a ccmMercury account management process, internal firewalls and monitoring software and a secure data centre facility.
This risk is mitigated by requiring that all employees who access a ccmMercury-based system maintain security clearance, be Canadian-based staff and complete a security awareness session. In addition, no mechanisms exist within the systems for a user to generate a complete list of contact information or produce a consolidation of the personal information that is stored in any or all of the systems.