National Initiatives

CAF Privacy and Security

iCAMS is an Internet-based database that CIC introduced to collect information on the settlement assistance programs it funds. The system also collects some information about clients, such as their education, their country of origin and the languages they speak, as well as the services they have been provided with and used.

A number of safeguards are in place to ensure that the information gathered through iCAMS remains private. CIC has done additional studies, such as threat and risk assessments and a privacy impact assessment, to make sure that iCAMS is secure.

Privacy Pamphlet and Poster

CIC has produced a pamphlet and poster for settlement and resettlement clients that explains the purpose of information collection in iCAMS.

Service provider umbrella organizations were consulted on the draft pamphlet, and the final version incorporates their comments, as well as those submitted by CIC colleagues. The pamphlet is called Gathering information to better meet the needs of newcomers to Canada.

Copies of the pamphlet and poster were first distributed at LINC training on iCAMS in November/December 2002. CIC has also had the pamphlet translated into the 13 languages most commonly spoken by permanent residents and refugees. These translations and additional copies in French and English were sent to SPOs in December 2002.

To order more copies in English or French, service provider organizations should contact CIC Communications Branch by fax at (613) 954-7619. A copy of the pamphlet is also included below.

Gathering information to better meet the needs of newcomers to Canada
>> Adobe® Acrobat format, size: 253 K 8pp

Privacy Impact Assessment

As required by law, CIC has prepared a Privacy Impact Assessment (PIA) for iCAMS.

A PIA is a process that makes sure privacy is considered during the design of a program. It looks at how collecting personal information could affect individual privacy and suggests measures to avoid or mitigate privacy risks.

For more information on the iCAMS PIA, read the Privacy Impact Assessment Report Summary below.

Privacy Impact Assessment Report -- Summary of Results (August 2002)
>> Adobe® Acrobat format, size: 62 K

iCAMS Security Requirements for Service Provider Organizations

To make sure the client information entered into iCAMS is carefully protected, service providers must implement a series of security requirements within six months of the time iCAMS is rolled out for their program.

While service providers already follow federal privacy laws to protect client information under the contribution agreement, privacy experts advised that because the system is Internet-based and contains a large amount of sensitive data, some additional measures should be introduced. As a result, CIC has introduced user, technological and physical security requirements for service providers.

In developing these requirements, CIC also considered the recommendations in a Canadian Council for Refugees (CCR) report that studied the effects of implementing such measures.

User requirements: All service provider users (except long-term employees) undergo reliability assessments before being issued usernames and passwords to use iCAMS.

Technological requirements: To protect client information from external threats, such as those arriving over the Internet, and from internal threats, such as unauthorized access, service providers are required to install anti-virus and firewall software on all computers that access iCAMS.

Physical requirements: Users are required to take precautions against unauthorized persons accessing iCAMS (for example, making sure computer monitors are turned away from public access areas and windows).

• iCAMS Security Requirements for Service Provider Organizations (November 2002)
  >> Adobe® Acrobat format, size: 350 K