Privacy Impact Assessment Summary – Online Discussion Forum for the National Engagement Initiative
12 December 2014
Table of Contents
- Purpose
- Description
- Why the Privacy Impact Assessment Was Necessary
- Privacy Impact Assessment Objectives
- Privacy Impact Assessment Findings and Risk Summary
- Action Plan - Risk Mitigation
- Security Management
Purpose
This document facilitates the review of the Privacy Impact Assessment prepared on the use of the Online Discussion Forum (ODF), a new initiative launched by the National Energy Board (Board or NEB) as part of its National Engagement Initiative. This document also reviews the privacy risk areas identified in the Privacy Impact Assessment, the recommendations to address them, and outlines steps being taken to implement them.
Description
This Privacy Impact Assessment evaluates whether the use of the Online Discussion Forum complies with the requirements of the Privacy Act and associated Treasury Board Secretariat privacy policies.
The Online Discussion Forum is part of the National Energy Board’s (Board or NEB) National Engagement Initiative to reach out to Canadians on pipeline safety and environmental protection. As part of this engagement, an Online Discussion Forum (ODF) was created to allow for all Canadians to post their comments and ideas pertaining to all aspects of the Board’s work and mandate. The objective of the discussion forum is to better understand Canadians’ perspectives on pipeline safety and environmental protection and to discuss how the Board can adjust its approach to these issues.
It should also be noted that, although the ODF is accessible through the NEB website through the NEB website (www.neb-one.gc.ca), the ODF is jointly administered by the NEB and a contracted third party, SoapBox Innovations Inc. (SoapBox). SoapBox will be assuming the technical aspects of hosting the discussion forum, including managing users profiles as well as collecting and safeguarding the personal information related to users, while NEB Strategic Communications group will be moderating and administering the discussion itself. It will be at the discretion of the NEB Strategic Communications Group, on behalf of the Board, if SoapBox displays information publicly, such as ideas, comments, or user display names. The personal information being collected from users is merely for contact and reference purposes. The personal information will not be subject to any administrative decisions.
Why the Privacy Impact Assessment Was Necessary
A Privacy Impact Assessment was necessary because the ODF will require the NEB to collect and gather personal information from individuals wishing to participate. As such, and in order to ensure that the collection and protection of personal information to be gathered is in compliance with the Privacy Act and associated Treasury Board Secretariat privacy policies, this Privacy Impact Assessment examined privacy risks which may be associated with this online service. Identified privacy risks were mitigated, reduced or eliminated by implementing specific response measures.
Privacy Impact Assessment Objectives
- To assess, reduce and mitigate potential risks associated with the collection of personal information over the internet and enabling the secure keeping and destruction of this personal information.
Privacy Impact Assessment Findings and Risk Summary
While the ODF will require that personal information to be collected from users, said information would only consists in the users’ names users’ names (first and last), email address, password, and optionally their city and province. Also, given that access to the ODF will be provided through the NEB website, users IP addresses will also be collected by the NEB and SoapBox. There is also the ability for users to upload a profile picture which can be a picture of the user himself or any other picture the user may select. The posting of a picture is also optional. While this information does constitute personal information under the Privacy Act, a privacy breach of said information would not result in a significant impact on the users. Indeed, the personal information collected does not allow for the users to be readily identified. The information collected is basic, not overly sensitive to the users (i.e. as opposed to Social Security Numbers, financial information, home addresses, signatures), and does not readily lend itself to be used in the commission of a crime against the users.
Action Plan - Risk Mitigation
As discussed above the new ODF initiative is hosted by a contracted third party, SoapBox Innovations Inc. (SoapBox), who will be assuming the technical aspects of hosting the discussion forum, including managing the user profiles as well as the collecting and safeguarding of the users’ personal information.
As such, SoapBox has put in places numerous technical safeguards which align with NEB and Government of Canada requirements to ensure that the personal information collected is protected. For security reasons, these safety measures will not be discussed in this summary.
Security Management
No issues were identified.
- Date modified: