Privacy Impact Assessment on the Disaster Mitigation and Adaptation Fund

---

Title of the PIA

Privacy Impact Assessment on the Disaster Mitigation and Adaptation Fund

Government Institution

Infrastructure Canada (INFC)

Head of INFC or Delegate for Section 10 of the Privacy Act

Melanie Davis, Director, ATIP and Executive Correspondence

Senior Official or Executive Responsible for the New Initiative

Annie Geoffroy, Director, Communities and Disaster Mitigation and Adaptation

Name and Description of the Program or Activity of the Government Institution

Disaster Mitigation and Adaptation Fund

Legal Authority

The legal authority for the collection of personal information is Order in Council P.C. 2004-0325.

Personal Information Bank

There is currently no registered personal information bank for DMAF. However, there is a class of personal information – Grant and Contribution Programs.

Short Description of the New Initiative

The Disaster Mitigation and Adaptation Fund is a national, competitive, merit-based contribution program. The fund is aimed at strengthening the resilience of Canadian communities through investments in infrastructure projects, including natural infrastructure projects, enabling them to better manage the risk associated with current and future natural hazards, such as floods, wildfires and droughts. This program has requested an information technology solution for their upcoming two-stream program intake. 

Risk Area Identification and Categorization

The following section contains risks identified in the PIA for the new or modified program. The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area.

Type of Program or Activity

Program or activity that does not involve a decision about an identifiable individual.

Level of risk to privacy: 1

Type of Personal Information Involved and Context

Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. (For example, the renewal of a licence.)

Level of risk to privacy: 1

Program or Activity Partners and Private Sector Involvement

Within the institution (among one or more programs within the same institution), with other government institutions, with other institutions or a combination of federal, provincial or territorial, and municipal governments and private sector organizations.

Level of risk to privacy: 4

Duration of the Program or Activity

Long‑term program or activity

Level of risk to privacy: 3

Program Population

Personal information is collected from individuals outside INFC. However, it is not used for an administrative purpose, but it is placed in a database and it is retrievable by name.

Level of risk to privacy: 1

Technology & Privacy

The program or activity requires modifications to information technology (IT) legacy systems.

Level of risk to privacy: 3

Personal Information Transmission

The personal information is transmitted using wireless technologies.

Level of risk to privacy: 4

Risk Impact to the Individual or Employee in the Event of a Privacy Breach

Inconvenience, reputation harm, embarrassment

Level of risk to privacy: 2