Export and Import Controls System (EICS)

Executive Summary

The Department of Foreign Affairs and International Trade (DFAIT) has the primary responsibility for the promotion and protection of Canada's interests abroad and the conduct of Canada's relations with other countries. The Export and Import Permits Act (EIPA) empowers the Department to issue permits and assist Canadian exporters and importers.

The Export Import Control System (EICS) is a mission critical system that enables licensed Canadian Customs Brokers to apply on-line for the necessary permits for the importation and exportation of certain goods to and from Canada. During the course of issuing permits and conducting Export Import Control through the usage of the EICS system, the Department collects, accumulates, and manages personal information. The EICS offers a secure WEB interface and an Electronic Data Interchange interface to support the application, approval, and processing of import/export permits. The system also features import/export quota management functionality.

The Department’s primary objective is to ensure that the EICS and all of the business functions currently included in the existing system are available to DFAIT’s client on every business day and that DFAIT can satisfy its Operations Pledge to Canadian businesses. The EICS availability is critical to Canadian businesses involved in the import or export of goods to the Canadian economy.

While the economic benefits of free-flowing trade are one of Canada's greatest assets, control of importing/exporting of goods have been judged essential. The EIPA provides that the Governor-in-Council may establish lists known as: the Import Control List (ICL), the Export Control List (ECL), and the Area Control List (ACL). The Act sets out the purposes for including goods or countries on these lists. Most controlled goods require an Individual Permit for import or export, although some goods may enjoy facilitated treatment under a General Permit. Import Permit Regulations (IPR) and Export Permit Regulations (EPR) establish procedures for obtaining permits. Copies are available upon request.

A Privacy Impact Assessment (PIA) was conducted on the Import Export Control Systems (EICS) in order to identify and assess possible privacy risks and mitigation measures, and ensuring compliance with the government’s privacy protection legislation and principles. While EICS is a large and complex operation, the assessment found no significant privacy risk, however, the assessment found low-level risks in areas of consent and collection that need to be mitigated. Proper mitigation strategies have been devised and planned to protect personal information in accordance with the Government’s policies and departmental guidelines.

Risk Analysis Segment

The following is a risk analysis and mitigations offered to remedy these risks.

  1. Accountability

    Identified Risk: No risk found.

  2. Purpose

    Identified Risk: No risk found.

  3. Consent

    Identified Risk: Consignee’s personal information

    Risk Level: Low

    Mitigation Strategy: The Government of Canada, which includes DFAIT, does not have access to internationally based consignees outside Canada; consequently, it is impossible to inform the consignees of their privacy rights directly.

    To this end, the Department will take steps to inform Brokers and exporters of the privacy rights of the consignees, where the exporter is required to have adequate consent from the consignee for disclosure. This will be achieved through a Privacy Notice Statement (PNS) that would be present as part of the export permits process.

    The Department intends to develop communication material targeted at Brokers, informing them of the privacy protection requirements. These will include the review of PNS by the exporter and confirmation that the exporter has understood his/her rights as well as obligations.

  4. Collection

    Identified Risk: Privacy Notice Statement

    Risk Level: Low

    Mitigation Strategy: The departmental Administration and Technology Services Division will be developing a Privacy Notice Statement in accordance with the departmental guidelines and with the assistance of the Access to Information and Privacy Protection Division at DFAIT to be posted on all applications where personal information is collected. The Privacy Notice Statement will be shared with Brokers to be communicated to the Importers / Exporters.

  5. Use, Disclosure and Retention

    Identified Risk: No risk found.

  6. Accuracy

    Identified Risk: No risk found.

  7. Safeguarding

    Identified Risk: No risk found.

  8. Openness

    Identified Risk: No risk found.

  9. Individual Access

    Identified Risk: No risk found.

  10. Compliance

    Identified Risk: No risk found.