Introduction
The Enterprise Secure Access Service (ESAS) is the function that on-line AAFC programs and services use to authenticate an individual's identity. ESAS allows individuals to set up online profiles using identifiers such as contact information. Other than linking to a publicly available database for verification of the postal code provided, the individual's personal information is not verified or validated when they set up their user identification.
The ESAS service is currently being used by "My AAFC Account" ( AAFC Portal) and the AAFC "Canada Brand" program. There is the potential to roll out the authentication service to additional AAFC programs.
The ESAS will use the AccessKey authentication tool via Public Works and Government Services Canada. This was previously known as ePass.
Objective
As ESAS authentication service involves the collection and management of personal information, a Privacy Impact Assessment (PIA) was conducted to determine if there were any privacy risks, and if so, to make recommendations for their resolution or mitigation.
Description
The personal information collected in support of the authentication service is limited to an individual's name and contact information. Once the individual's address is validated, the user chooses a log on ID and password and has effectively created an authenticated identity. That identity will be required for the individual to request electronic access to information about the AAFC programs and services to which they subscribe. This is enabled outside the ESAS process and is addressed in other AAFC program related PIA s.
Personal Information Bank (PIB) AAFC PPU 633 - Internal and External Credential Management Services provides details regarding the information collected in support of this service, including the use, retention and disposal standards.
Conclusion
As a result of the PIA , measures have been determined to mitigate risks associated with the collection of personal information. These include: the creation of a particular PIB and the modification of the ESAS privacy notice statement.
For further information on this PIA please contact:
Access to Information and Privacy
Tower 4, 5th Floor
1341 Baseline Road, Room 264
Ottawa, Ontario, K1A 0C5
Telephone: 613-773-1390
Facsimile: 613-773-1380
Email: aafc.atip-aiprp.aac@agr.gc.ca