Mission Passport Print Solution Project 

Executive Summary

A Preliminary Privacy Impact Assessment (PPIA) was developed for the Passport Office’s new Mission Passport Print Solution Project. The PPIA was developed as part of the project’s Effective Project Approval submission to Treasury Board Secretariat.

The Mission Passport Print Solution Project strengthened the security of the passport production line by centralizing passport printing in Canada, which was done abroad at diplomatic missions and consular posts. It also improved the quality of passports which were originally issued at diplomatic missions and consular posts by providing digitized photo Machine Readable passports that meet the same high–quality standard as the Machine Readable passports issued domestically.

The Mission Passport Print Solution Project was at its early design stage when the PPIA was developed and to avoid unnecessary effort being expended on options or processes that are fundamentally incompatible with key privacy principles, the Passport Office had initiated a PPIA to determine whether there was a requirement for a full Privacy Impact Assessment.

The Mission Passport Print Solution Project did not involve the collection, use, disclosure or retention of new personal information. Also, it did not modify the purposes of personal information collection, use, disclosure and retention, identified at the time of personal information collection. In addition, it proposed only one privacy related change, and that change was not significant.

Consequently, at the time the PPIA was developed, there were no potential privacy risks associated with the Mission Passport Print Solution Project and thus, there was not a requirement for a full Privacy Impact Assessment at the time.

Another Preliminary Privacy Impact Assessment or a Privacy Impact Assessment might be required if there is a significant change to the Passport Print Solution project in the future.

Potential Privacy Risks

The Mission Passport Print Solution Project did not involve the collection of new personal information. Also, it did not involve any changes to the purposes of personal information collection, use, disclosure and retention.

The only privacy related change that occurred with the introduction of the Mission Passport Print Solution Project was that additional personal information (surname variations, city of birth, birth nation code of the passport applicant, and the full name and occupation of the guarantor), available then in the Passport Management Program (PMP) at the Department of Foreign Affairs and International Trade (DFAIT) headquarters, was transferred to the Central Index (CI) database located at the Passport Office headquarters. Since the transfer of the personal information from PMP to CI already existed, the transfer of additional personal information did not constitute a significant change.

The Mission Passport Print Solution Project did not involve privacy issues; therefore, there were no privacy risks associated with the project at the time that the PPIA was developed. The Passport Office understands that if a privacy risk regarding the Mission Passport Print Solution Project arises in the future, a subsequent PPIA and/or a full PIA will have to be conducted.

Overview of Security Requirements

There were no specific security requirements regarding the Mission Passport Print Solution Project. Transfer of the additional personal information from PMP to CI involved the same safeguards that were already in place for the existing transfer of personal information from PMP to CI. There was not a requirement for a Threat and Risk Assessment (IRA).

PIA Plan

No potential privacy risks exist.

In conclusion, there is no requirement for a PIA. However, if there is a significant change to this project in the future, a subsequent PPIA or a full PIA will be required.