Overview and PIA Initiation
Communications Security Establishment (CSE)
Name and Description of the Program or Activity of the Government Institution
Government of Canada Key Management Infrastructure (GC KMI).
Short Description of the Project, Initiative or Change
Pursuant to the Policy on Government Security, CSE has been delegated as the lead security agency and national authority for Communications Security (COMSEC), which includes COMSEC material such as cryptographic keys. This Core PIA describes how CSE will protect personal information collected, used, and retained for the exclusive purpose of supporting GC KMI operations. Subsequently, this PIA assesses the privacy implications of key management and describes mitigation processes to address privacy risks.
The objective of COMSEC is to deny unauthorized access to and verify the authenticity of information derived from telecommunications and to ensure the authenticity of such telecommunications. The Government of Canada, like governments and industries around the world, is increasingly dependent on distributed information technology in business operations and a major concern with respect to electronic information delivery is the preservation of the confidentiality of nationally sensitive (classified) information. Key Management Infrastructure is one such means to protect this type of information and remove information assurance as an impediment to operational efficiency and effectiveness.
Legal Authority and Policy Instrument(s)
Laws & Regulations:
National Defence Act, RSC 1987, c N-5, Section 273.64(1) CSE mandate Financial Administration Act, section 7(1)
Policy on Government Security, section 3.9 Departmental Security Management and individual security screening and Appendix B CSE Lead Security Agency Responsibilities
Personal Information Bank (PIB)
Standard TBS Personal Information Banks, PSU 917 (Personnel Security Screening) and PSE 917 (Identification Cards and Access Badges)
Class of Records
Standard TBS Classes of Records, PRN 920 (Recruitment and Staffing) and PRN 931 (Security)
Overall Risk Assessment
Moderate Privacy Risk