FishingBC App and National Recreational Licensing System (NRLS) Integration Initiative

Title of the PIA

FishingBC App and NRLS Integration Initiative

Government institution

Fisheries and Oceans Canada (DFO)

Head of DFO or Delegate for section 10 of the Privacy Act

Director, Access to Information and Privacy Secretariat

Senior Official or Executive for the new or substantially modified program or activity

Director General, Fisheries Resource Management (Pacific)

Name and description of the program or activity of the government institution

This initiative falls within DFO’s responsibility for fisheries management and conservation and protection. DFO’s fisheries management program(s) administers Canada's fisheries and promotes sustainability, allocating harvestable resources amongst indigenous rights holders, commercial harvesters, and recreational anglers. DFO’s conservation and protection program(s) ensures compliance with legislation, regulations, and management measures for the conservation and sustainable use of aquatic resources. The program also takes enforcement action against potential offenders, and works in close collaboration with its partners/stakeholders to implement effective controls and acceptable standards.

Legal authority

• Sections 17 and 22 of the British Columbia Sports Fishing Regulations
• Sections 43, 49 and 61 of the Fisheries Act

Personal information bank

Nationally Regulated Recreational, Domestic, and Sport Fishing (DFO PPU 415)

Short description of the project, initiative or change

The Remote Recreational Gateway Project (RRG) will develop an application programming interface (API) to link the FishingBC App (App) to DFO’s National Recreational Licensing System (NRLS). The App is a third party mobile application developed by the Sport Fishing Institute of BC (SFI) in collaboration with DFO. NRLS is DFO’s licensing system, which allows a fisher to register and purchase a Tidal Water Sports Fishing Licence (TWSFL). The RRG will develop an API to link the FishingBC App to NRLS, so that license and catch records for chinook salmon, halibut, and lingcod can be synchronized between the two system.

Risk area identification and categorization

The following section contains risks identified in the privacy impact assessment for the new or modified program. The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area.

Type of program or activity

Program or activity that does not involve a decision about an identifiable individual.

Level of risk to privacy: Low (1)

Type of personal information involved and context

Personal information, with no contextual sensitivities after the time of collection, provided by the individual with consent to also use personal information held by another source.

Level of risk to privacy: Low (2)

Program or activity partners and private sector involvement

Private sector organizations, international organizations or foreign governments. DFO is partnering with the SFI for the creation and implementation of the API. The SFI is a non-profit organization dedicated to promoting, enhancing and protecting sustainable sport fishing opportunities in the province of British Columbia.

Level of risk to privacy: High (4)

Duration of the program or activity

Long-term program or activity.

Level of risk to privacy: High (3)

Program population

For external administrative purposes affects certain individuals.

Level of risk to privacy: Medium (3)

Technology and privacy

The substantially modified activity involves the use of a new application to support the activity in terms of the creation, collection or handling of personal information.

Level of risk to privacy: Low (2)

Personal information transmission

The personal information is transmitted using wireless technologies. Linkage between the FishingBC App and NRLS will be via a two-way web service, and is secured by an authentication protocol to allow an individual fisher to link their App account to their NRLS account.

Level of risk to privacy: High (4)

Risk impact to the individual or employee in the event of a privacy breach

The personal information collected is largely limited to biographical information, contact information, and recreational catch data.

Level of risk to privacy: Low (1)

Risk impact to the institution in the event of a privacy breach

Potential managerial harm - Processes must be reviewed, tools must be changed, change in provider.

Level of risk to privacy: Low (1)