Consular Services Case Management System (COSMOS) – Privacy Impact Assessment

Executive Summary

Assisting Canadians who are living, travelling or preparing to travel abroad is one of the defining aspects of the consular service the Department of Foreign Affairs and International Trade (DFAIT) is responsible for providing to Canadians abroad.  While consular assistance for Canadian citizens living or travelling abroad can take many forms, each intervention serves two basic purposes: protection and assistance. In serious consular cases, which often draw public and media attention, consular services can be of vital importance to individuals. Consular officers are appointed agents of the Government of Canada. Their function is to protect and assist Canadians who live and travel abroad, and to promote the interests of Canada and Canadians.

The departmental Consular Services and Emergency Management Branch provides information and assistance to Canadians living and travelling abroad. Services range from replacing a lost, stolen or expired passport to providing assistance in cases of financial destitution, medical emergencies, family distress, arrest and detention, child abductions, deaths, or evacuations following events such as natural disasters, violent conflicts, or kidnapping. In order to manage consular cases and consular activities better, DFAIT created a system called the Consular Management and Operations System (COSMOS). COSMOS is a business information system that is used for consular task management, workflow, and client relationship management. When an individual requests services or assistance from Consular Affairs, a COSMOS case is created. The system contains information about individuals who request consular services and associated cases.

To support its mandate to provide assistance to Canadians abroad, Consular Services has designed the COSMOS information collection and management system exclusively for the purpose of providing consular services, including registering Canadians abroad, providing some citizenship services and issuing passports abroad. COSMOS serves Canadians in need of assistance by providing a system into which information is entered and then retrieved from a database that is accessed through a web-based portal. It is accessible from either HQ or missions and is instantly available to all staff, thereby enabling improved service delivery levels to Canadian citizens. COSMOS is available to all missions through the protected SIGNET networks operated by the Department of Foreign Affairs and International Trade (DFAIT). In the course of providing consular services, personal information that is subject to the Privacy Act may be collected.

Thus, a Privacy Impact Assessment (PIA) was developed for COSMOS.

The scope of the PIA was limited to the COSMOS, more specifically, its business and operational processes. The assessment was part of the Department’s commitment to protection of personal information. The Department is making every effort to implement the recommendations resulting from the assessment to further protect personal information shared with the Department as a result of Consular Services rendered to Canadians.

The following recommendations have been made as mitigation strategies for risks identified through the development of the PIA:

  • Recommendation 1: It is recommended that an online single authoritative source of passport information be made available to Consular Officers at missions and DFAIT HQ to identify and authenticate Canadian passport holders.
  • Recommendation 2: Consular Services should develop visible privacy notice signs for missions’ Consular areas providing visiting Canadians with appropriate level of notice.
  • Recommendation 3: For the sake of consistency across all Canadian missions, Consular Services should develop standard templates for release forms required for various situations and provide them to the missions.
  • Recommendation 4: The Consular Services’ “Policy on Use and Disclosure of Personal Information” should be updated.
  • Recommendation 5: Consular Services should undertake a comprehensive design, costing and development of logging and consistent audit trail of all information, records, and fields accessed by any user using any access method. The audit trail must reflect access to database at record and field level.
  • Recommendation 6: Consular Services should inform all partners that it will be planning to adopt the 15-year retention and disposition policy within a published timeframe.
  • Recommendation 7: In order to support Recommendation-5, it is recommended that COSMOS provide a management level reporting tool accessing audit and log files in the form of user-friendly, yet comprehensive, reports.
  • Recommendation 8: Consular Services should investigate the potential use of database encryption for COSMOS and Registration of Canadians Abroad (ROCA) databases. COSMOS’s collection of data and databases could be protected further through the use of encryption.