Language selection


Privacy impact assessment – electronic Individual Learning Plan

This privacy impact assessment (PIA) assesses the electronic Individual Learning Plan (ILP). The CNSC is committed to the training and development of its employees so that it can enhance the efficiency and effectiveness of its operations, achieve its mission objectives and permit the ongoing development of a professional, competent, versatile and motivated workforce. This includes information on training, staff development and personal development seminars. Personal results are maintained in the Learning Management System.

The Strategies, Programs and Learning Division (SPLD) needed a tool that employees could use to create their individual learning plan and that the Human Resources Directorate could use to monitor and track the approval process to address training requirements more effectively and efficiently.

The key business drivers of the project are:

  • To provide an electronic means of capturing the ILP information
  • To provide an electronic means for managers to review and approve an ILP
  • To provide a tool to help SPLD control and monitor the ILP approval process
  • To provide a tool to help SPLD with their analysis and reporting needs

Operational information collected in the context of this initiative is described in standard Class of Records, Training and Development PRN 927. Personal information collected in the context of this initiative is described in standard Personal Information Bank, Employee Personnel Records PSE 901.

Legal authority for program or activity:Nuclear Safety and Control Act, section 16(1).

Risk area identification and categorization

Type of program or activity

Personal information is used to make decisions that directly affect the individuals (including CNSC employees) applying for current CNSC employment opportunities and being considered for future career opportunities.

Level of risk to privacy – 1

Type of personal information involved and context

Personal information is collected directly from the individual and relates to the authorized activity of staffing and recruitment.

Level of risk to privacy – 1

Program partners and private-sector involvement

No external involvement in this activity.

Level of risk to privacy – 1

Duration of the program or activity

This is intended as a long-term initiative.

Level of risk to privacy – 1

Program Population

This initiative will affect CNSC employees using the e-ILP.

Level of risk to privacy – 1

Technology and privacy

A. Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) to support the program or activity with the creation, collection or handling of personal information?

Risk to privacy – Yes

B. Is the new or modified program or activity a modification of IT legacy systems and / or services?

Risk to privacy – No

C. Enhanced identification methods: This includes biometric technology, such as facial recognition, gait analysis, iris scan, fingerprint analysis, voice print and radio frequency identification (RFID). It also includes easy pass technology and new identification cards, including magnetic stripe cards and smart cards (i.e., identification cards embedded with an antenna, or a contact pad connected to a microprocessor and a memory chip or only to a memory chip with non-programmable logic).

Risk to privacy – No

D. Use of surveillance: This includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance/interception and computer-aided monitoring, including audit trails and satellite surveillance.

Risk to privacy – No

E. Use of automated personal information analysis, personal information matching and knowledge discovery technique: For the purposes of the Directive on Privacy Impact Assessment, government institutions are to identify activities’ use of automated technology to analyze, create, compare, cull, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends and patterns, or to predict behaviour.

Risk to privacy – No

Personal information transmission

Personal information is not transmitted outside the CNSC.

Level of risk to privacy – 1

Risk impact in the event of a breach

In the event of a breach, there could be reputational harm to the CNSC as well as to the individuals whose information is housed in the system.

Level of risk to privacy - 1

Delegated authority

Government official responsible for privacy impact assessment:

Natalie Harrington
Director General, Human Resources Directorate

Head of the government institution / Delegate for section 10 of the Privacy Act:

Phil Dubuc
Senior Access to Information and Privacy Advisor

Page details

Date modified: