Open Source Information Collection (OSIC) Initiative

Title of the Privacy Impact Assessment

Open Source Information Collection (OSIC) Initiative

Government Institution

Fisheries and Oceans Canada (DFO)

Head of DFO or Delegate for Section 10 of the Privacy Act

Director, Access to Information and Privacy Secretariat

Senior official or executive for the new or substantially modified program or activity

Director General, Conservation and Protection

Name and description of the program or activity of the government institution

The Conservation and Protection (C&P) program promotes compliance with legislation, regulations, and management measures for the conservation and sustainable use of aquatic resources, takes enforcement action against alleged offenders and works in close collaboration with its partners/stakeholders to implement effective controls and acceptable standards using innovative compliance and enforcement tools and  strategies. It is made up of the National Fisheries Intelligence Service, Enforcement Operations and Integrated Business Management Solutions. The program has adopted an intelligence-led compliance and enforcement model based on three pillars: 1) education, shared stewardship and stakeholder engagement; 2) monitoring, control, and surveillance activities; and 3) major cases and special investigations. It works closely with a wide range of partners, including law enforcement, industry, provinces and territories and Indigenous communities, to ensure safe, peaceful and orderly fisheries, to detect and deter illegal, unregulated and unreported fishing, and to monitor contaminated shellfish closures ensuring only legally harvested and safe products enter the marketplace. It contributes , working with the CCG, to the protection of Canadian sovereignty and in identifying potential marine safety and security threats in Canadian waterways. The program is supported by third-party services and partnerships. The public assists by reporting violations through “Observe, Record, Report” and Crime Stoppers programs.

Legal authority

• Section 2 of the Criminal Code
• Subsections 5(1), 5.1, 38(1), 38(3), 38(3.1), 39.1, 49(1), 49(1.1), 49.1(1), 49.1(3), 49.1(4), 49.1(5), and 56.1(1) of the Fisheries Act
• Section 85(4) of the Species at Risk Act

Personal Information Bank

• Violations under Canadian Fisheries and Fish Habitat Legislation (DFO PPU 460) and
• National Fisheries Intelligence Service (DFO PPU 140)

Short description of the project, initiative or change

C&P is strengthening its intelligence and enforcement capacity, via OSIC, to support its mandate: the protection of Canadian fisheries and the timely enforcement of fish habitat legislation. OSIC technology relies on  publicly  accessible information  on social-networking sites, picture and video sharing websites, blogs and forums, commercial websites, and media sources to collect data. The data collected from these open sources may consequently be used by DFO to detect and address violations to relevant legislation.

Risk area identification and categorization

The following section contains risks identified in the PIA for the new or modified program. The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area.

Type of program or activity

Personal information is used for investigations and enforcement in a criminal context.

Level of risk to privacy: 4

Type of personal information involved and context

Sensitive personal information could be collected, including detailed profiles, allegations or suspicions and bodily samples, or the context surrounding the personal information is particularly sensitive.

Level of risk to privacy: 4

Program or activity partners and private sector involvement

The OSIC Initiative uses private sector software featuring forensic grade evidence collection tools. The vendor’s access to the software is limited to technical support.

Level of risk to privacy: 1

Duration of the program or activity

Long-term program or activity.

Level of risk to privacy: 3

Program Population

For external administrative purposes affects certain individuals.

Level of risk to privacy: 3

Technology and privacy

The initiative involves implementation of new technologies or one or more of the following activities:

• enhanced identification methods
• surveillance
• automated personal information analysis, personal information matching and knowledge discovery techniques

Personal information transmission

The personal information is transmitted using wireless technologies.

Level of risk to privacy: 4

Risk impact to the individual or employee in the event of a privacy breach

Potential reputation harm, embarrassment – The personal information collected is publicly available on the internet.

Level of risk to privacy: 2

Risk impact to the institution in the event of a privacy breach

Reputation harm, embarrassment, loss of credibility – The personal information collected is publicly available on the internet.

Level of risk to privacy: 4