ccmMercury

Executive Summary

ccmMercury is an off-the-shelf workflow product developed by WorkDynamics Technologies Inc. of Ottawa that is configured to provide users with access to one or more systems.  ccmMercury has been in use at the Department of Foreign Affairs and International Trade (DFAIT) since 2001 and is used by departmental officials.  The development of a Privacy Impact Assessment was part of the Department’s commitment to protect personal information.  It also met the Management of Government Information Technology requirements obligating major departmental services to undergo a security and privacy assessment.

When ccmMercury was first implemented, a single system to manage the Ministerial correspondence process was deployed.  Over the years, additional systems were deployed through ccmMercury as per the Department’s requirement.  Each system is independent of other systems within the ccmMercury environment.  ccmMercury is a database application designed to allow users to track the workflow of a record, including attaching related documents in many file formats.  Its integration with an imaging solution allows a user to scan documents, and through the use of templates, documents such as standard replies and routing slips can be automatically created.  Searching and reporting capabilities allow users to easily find and report on the data captured in a system.

A number of systems within ccmMercury capture personal information.  The information captured is provided by the individual in the course of their communication with DFAIT, interaction with DFAIT Ministers and officials, in accessing internal employee support programs or in the course of employees performing assigned work.  The information is provided through correspondence sent by the individual, verbally when a telephone call is placed by the individual, or in person when they access public or employee-oriented services.  In all cases the information captured is provided by the individual or their representative.  The information is used to provide a response to the individual seeking information from the Department, brief Ministers and/or departmental officials, maintain employee assistance case files and generate statistics to manage DFAIT employee assistance programs, and to track the workflow of records in the system and maintain system usage/audit information.  In no case is the information accessible to anyone other than users of the particular ccmMercury-based system that they access.  In no case is the information shared across ccmMercury systems or with other external systems.  In no case is the information used to prepare lists or to cross-reference individuals making contact with the Department.

The personal information captured is as follows:

Correspondence – as provided:

  • name
  • title and organization represented
  • mailing address
  • telephone number(s)
  • email address

Briefing Products Tracking System – Visits Records

  • name
  • title and organization represented

Media Calls – as provided:

  • name
  • media organization represented
  • telephone number(s)

Question Period Notes – as provided:

  • name
  • citizenship
  • location
  • organization affiliation(s)
  • interaction with DFAIT

Informal Conflict Management/Employee Assistance – as provided:

  • name
  • gender
  • age range
  • employment type
  • employment category
  • geographic location
  • reported problem

The ccmMercury database is not integrated with any other system or database nor is there any systematic or ad hoc sharing of data with other organizations.  As such there is no opportunity for data to be intentionally or accidentally accessed or released during a transfer.  Privacy risks are therefore limited to the intentional or accidental accessing or release of information directly from the ccmMercury database.

Privacy Risks Identified

As a result of the Privacy Impact Assessment, two principal privacy risks were identified and mitigated as follows:

  1. Unauthorized access to the ccmMercury database.

    Unauthorized access could be gained by an external agent or internal staff by accessing the database or a copy of a backup tape.  To protect against unauthorized access by external agents, DFAIT has employed a range of physical protections (firewalls, anti-virus and anti-spyware software, monitoring software, secure data centre facility, etc.) and developed policies and procedures (threat risk assessments, account management/password policies, change management processes, etc.).

    To protect against unauthorized access by internal staff, servers and tapes are located/stored in access-controlled locations, and DFAIT has implemented a ccmMercury account management process, internal firewalls and monitoring software, and a secure data centre facility.

  2. Accidental or intentional disclosure by a DFAIT employee with authorized access to ccmMercury.

    This risk is mitigated by requiring that all employees who access a ccmMercury-based system maintain security clearance, be Canadian-based staff and complete a security awareness session.  In addition, no mechanisms exist within the systems for a user to generate a complete list of contact information or produce a consolidation of the personal information that is stored in any or all of the systems.