Dialogue Application

Executive Summary

Dialogue is a web based application that allows the Centre of Learning for International Affairs and Management (CFSD) to produce customized online 360 and 180 degree feedback questionnaires and reports. Dialogue is designed to support CFSD’s pedagogical approach. It is being developed using the latest technology (XSL, XSLT, XML and SOAP in a dot NET and SQL 2000 environment). The environment is divided into two different components: the evaluation system and the management system.

The evaluation component is a secure website inside Dialogue where personalized online questionnaires are generated based upon participants’ credentials. Participants and respondents access this site to answer and submit the questionnaire. The purpose of the questionnaires is to provide feedback to participants on their behaviour.

The management component is the core system of Dialogue. This component is accessible only by CFSD and the participant’s coordinator.

The following privacy issues or risk are identified:

  • Some personal information is gathered about participants’ behaviours but once the reports are produced, analyzed and sent to the participants, the evaluation process is ended and all responses are archived for statistical purposes. Only the responses are stored without any association to participants’ or respondents’ credentials. All personal information is destroyed at this point.
  • The Information is temporarily recorded on back-up tapes stored in a secure combination locked cabinet. The back-up tapes are over-written every 17 weeks.
  • The level of classification for most of the information on the network Signet “D” is up to Protected A but some portions are considered PROTECTED B. The Information and Technical Security Division and the Information Technology Security Systems Division are exploring options for a solution.

Privacy Risk Mitigation

Personal information collection, disclosure, and consent by Participant

Participant’s personal information is collected directly from individuals. Coordinators and Respondents names are offered by the Participants. Proper consent is collected by the program prior to full involvement of the respondents and coordinators.

Private information is gathered about participants’ behaviours

Participants need to go through an evaluation process. The participants are required to submit their self-evaluation and the respondents are invited to take part of the evaluation process by answering the same questions about the participants’ behaviours. There could be three different types of respondents for a participant: subordinate, peer or superior.

The evaluation component is a secure website inside dialogue with one single SQL database. Feedbacks on participants are stored into the database but there are no association between the responses submitted and the respondent’s name. Participants’ credentials and evaluations submitted are kept into the database. Once the reports are produced, analyzed and sent to the participants, the evaluation process is ended and all responses are archived for statistical purposes only. Note that ONLY the responses are stored without any association to participants’ or respondents’ credentials.

Information is temporarily recorded on back-up tapes

Back-ups are automatically performed on a daily basis by the Applications Solution Division and/or the Desktop Applications Configuration Division on the servers located in the secure Ministerial Correspondence Division. The backup tapes record copies of data submitted to the database (participants’ I respondents’ credentials’ and participants’ evaluations).

The back-up tapes are stored in a secure combination locked cabinet and are over-written every 17 weeks.

Participants’ and respondents’ credentials are temporarily recorded

The participants’ and the respondents’ credentials are temporarily recorded in the database. The credentials temporarily recorded are: first and last names associated with the e-mail addresses, positions, departments and classifications.

Once the reports are produced, analyzed and sent to the participants, the evaluation process is ended and all responses are archived for statistical purposes only. Note that ONLY the responses are stored without any association to participants’ or respondents’ credentials.

Level of classification of information on Signet D is up to Protected A

The level of classification for most of the information on the network Signet “D” is up to Protected A but some portions are considered PROTECTED B. The Information and Technical Security Division and the Information Technology Security Systems Division are exploring options for a solution.