Link Search Menu Expand Document

Draft

Edit or Request New Content

Appendix

Personal Information Flow Table

Step Action FOIPPA Authority
Research: Direct interviews with citizens, staff and via group sessions with ministry employees, onsite observation, call shadowing, and intercept interviews Collection of personal information 26(c)(e)
Prototype and Testing: A facilitator leads research participants through a set of tasks to observe and understand how tasks are being completed with a prototyped solution. Collection, Use 26(c)(e), 32(a)
Contact external agencies and organizations Collect public business contact information No personal information
Stipend: Participants will complete and sign a stipend receipt form (name, address, and signature) that they have received their incentive. Telephone participants will be emailed and asked to email back the same information in order to send the stipend and confirm receipt. Collection of name/address for financial confirmation (see stipend receipt template) Use of personal information to issue stipend Public body responsible for administering the stipend 26(c)(e), 32(a), 33.1(1)(i.1)
Session notes are transcribed by research team. Information is de-identified on a best efforts basis then used for analysis. Use of opinion information 32(a)
Follow up with the participant only if proof of receipt has not been received. Use, Disclosure 32(a), 33.1(1)(i.1), 33.2(a)

Risk Mitigation Table

Risk Mitigation Strategy Likelihood Impact
Employees could access personal information and use or disclose it for personal purposes Oath of Employment Privacy Training Low High
Request may not actually be from client (i.e. their email address may be being used by someone else) Implementation of confirmation procedures Low High
Inherent risks in sending personal information to a client via email Policy developed to inform clients of risk and ask if they would like the information via a different medium, such as through mail Medium Medium
Collection of third party information Moderation of policy for online public engagement Visible disclaimer before collection Staff training in privacy Participant Consent Form advises participants not to include personal information about another individual when being recorded (audio or visual). Public Engagement best practices in note taking Medium Low