The mission of the Canadian Firearms Program (CFP) is to enhance public safety by helping reduce death, injury and threat from firearms through responsible ownership, use and storage of firearms, and by providing police and other organizations with operational and technical support vital to the prevention and investigation of firearms crime and misuse in Canada.
The CFP is a business line in the Royal Canadian Mounted Police (RCMP) that is made up of accredited law enforcement agencies and provincial Public Safety institutions. One of the key areas of responsibility for the CFP is the issuance of licences.
In general, all individuals that possess or use firearms must be licensed. There are two types of firearms licences available to individuals, Possession Only Licence (POL) or Possession and Acquisition Licence (PAL). These licences are issued for a term of 5 years and as stated in the Firearms Act, firearms licence holders are responsible for renewing their licences prior to expiry.
The renewal of an individual's firearms licence is the CFP's largest operational business activity. As a component of the Web Transformation Project, the Program is introducing automated channels of submission for this business activity through the CFP Online Firearms Licence Renewal and Payment Processing Initiative.
The Privacy Impact Assessment (PIA) referenced in this material is multi-jurisdictional in nature including the federal jurisdiction of the RCMP CFP and those provincial jurisdictions where the Program is administered by a designated Chief Firearms Officer (CFO), as is the case in the provinces of Ontario, Quebec, New Brunswick, Prince Edward Island and Nova Scotia. This is a new PIA and is limited to the information gathered from adult individuals in the Online Licence Renewal Initiative portion of the CFP web services.
Since May 17, 2006, the RCMP has been the primary institution responsible for personal information collected, used and stored in the CFP. At that time, the Commissioner of the RCMP was designated by the Governor in Council as the Commissioner of Firearms, in accordance with section 81.1 of the Firearms Act. In addition, CFOs may collect, use and store additional individual licence information in paper records as part of licence eligibility investigations. All personal information collected, used and stored in the CFP is subject to the Firearms Records Regulations. None of these legislative requirements will change as a result of the Online Licence Renewal Initiative.
The Director General of the Canadian Firearms Program is the delegated officer for this initiative and a Senior Business Analyst for the CFP has been assigned overall responsibility for this PIA.
The Online Licence Application Renewal component of the Program's Web Transformation Project will allow clients to apply online to renew their firearms licence, not only enhancing client service, but also promoting process efficiencies within the Program. Legal authorities to collect, use and store information obtained via individual licence applications are drawn from the Firearms Act and its associated Regulations. Personal information gathered pursuant to the Online Licence Renewal Application will be managed consistently with the existing Personal Information Banks (PIB) governing information in the Canadian Firearms Program (RCMP PPU 100) and the Canadian Firearms Information System (CFIS) (RCMP PPU 037).
In addition, the RCMP Individual Web Services (IWS) has adopted the Government of Canada (GoC) Branded Credential Services Key (GCKey) and Secure Key Concierge authentication solutions. These authentication solutions provide individuals with a choice in the credentials they use to authenticate online GoC programs and Services in a secure manner.
As part of its commitment toward security and the protection of privacy and personal information collected from individuals, the RCMP CFP is implementing the Receiver General Buy Button (RGBB) to process credit card payments.
The privacy concerns and risks identified during the Online Licence Renewal and Payment Processing Initiative Privacy Impact Assessment are summarized below. This section also outlines how these risks have been avoided or mitigated.
The PIA identified a possible risk with Public Access to the IWS applications within the RCMP Network. In order to secure the web application, multiple safeguards and procedures are in place to limit the vulnerabilities and mitigate these risks including: Network Security zoning, Web Application Firewall (WAF) and the McAfee AV appliances malicious code and anti-virus measures; leverage existing RCMP Internet Presence Environment (IPE) and prevent any direct communication between the user and the IWS applications. Also the use of "IBM Security Appscan" application is being employed to identify application vulnerabilities and reduce overall application risk during the development period.
Access control around the RCMP IWS Online licence renewal application is another privacy risk that is being mitigated through the use of the GCKey, Secure Key Concierge and housing the application on the RCMP Internet Presence Environment solution by reducing the anonymity of an individual and by monitoring individual identity and access. For example, procedures are in place to enable the RCMP CFP/CIO to lockout an individual as required.
Unauthorized access to Online Licence Renewal data sources by RCMP CFP employees, such as the Canadian Firearms Information System (CFIS), is mitigated through Role Based Access Control, so an employee is afforded access based on their need to know, which means the need for someone to access and know information in order to perform his/her duties, and their right to know, which means the legal authority, including the appropriate security clearance to access classified information.
In order to mitigate privacy risks associated to credit card payments, the RCMP CFP is implementing the Receiver General Buy Button (RGBB). Safeguards to ensure that RCMP CFP employees cannot link personal data collected from a firearms licence applicant to payment information that would facilitate fraud and identity theft. Also, when credit card information is collected by a call centre agent over the phone, RGBB technological safeguards will ensure credit card information is irretrievable once taken.
A privacy concern related to the sharing, handling, release and dissemination of information is mitigated through an acknowledgment of responsibility by each employee of acceptable user practices for RCMP Information Technology. This ensures that employees follow RCMP policy, Treasury Board of Canada Secretariat, management of information technology/security and security practices regarding the protection of sensitive information. In addition, disclosure of personal information will be done in accordance with section 8 of the Privacy Act and when in doubt, RCMP ATIP will be consulted.
The PIA identified a privacy risk of sharing Program information with law enforcement officials in both Canada and the United States of America. Risks are mitigated through Memorandums of Understanding outlining the terms of access to Program Information. In addition RCMP policy on sharing, handling and release/dissemination of information is employed to mitigate privacy risks. Online Licence Renewal will not increase the risk.
The privacy concern that the Online Licence Renewal Application permits two way communication and manipulation of individual information in CFIS and possible malicious or inadvertent misuse of data is mitigated through a number of safeguards. These safeguards include: application and data logging, scripting detection and deterrents, limits on the retrieval of data to one record at a time and in a read only state, and finally a safeguard that limits an individual to the retrieval of data to their data only.
The IWS login window uses personal data elements to confirm a person's identity. A privacy risk exists if an imposter gains unauthorized access to IWS and inadvertently or maliciously uses the personal data. These risks are mitigated through safeguards such as a limited number of login attempts, after which the account will be locked out for a period of time unknown to the public. In addition, the data match algorithm at login will not be made public. A future update to the IWS login window will replace personal data elements with a more robust user ID/password system. Finally, as already identified in privacy concern #7, these risks are also mitigated with application and data logging, scripting detection and deterrents, limits on the retrieval of data to one record at a time and in a read only state.
In order to mitigate the risk of identity theft and identity fraud, the current process for firearms licence renewals submitted by paper applications includes a manual comparison check of the individual client's previous photo to the newly submitted photo. Any anomalies identified between the two photos are referred to the appropriate jurisdiction of the Chief Firearms Officer for investigation to ensure the application is not fraudulent. This process of a manual comparison check will also be done for online licence renewal applications.
This executive summary will be posted to the RCMP corporate website as required under Section "F" - Public Reporting of the Core Privacy Impact Assessment of the Treasury Board Directive on Privacy Impact Assessment. InfoSource descriptions of RCMP Personal Information Banks RCMP PPU100, 037 will be updated to include credit card information as per Treasury Board scheduled InfoSource publication update. Finally, the RCMP CFP has developed a communication plan to explain the Online Licence Renewal and Payment Processing Initiative which will be published to the RCMP corporate website in conjunction with the launch of the initiative.