Follow-up to the Office of the Privacy Commissioner’s Audit of the Security of Personal Information
Final Report
April 2016
Acronyms and abbreviations
- ADB: Application Development Branch
- CRA: Criminal Records Act
- CCRTIS: Canadian Criminal Real Time Identification Services
- CIO: Chief Information Officer
- CPIC: Canadian Police Information Centre
- DSB: Departmental Security Branch
- MAP: Management Action Plan
- MOU: Memorandums of Understanding
- OPC: Office of the Privacy Commissioner of Canada
- OSSC: Operational Systems Service Centre
- PROS: Police Reporting and Occurrence System
- RBAP: Risk-Based Audit Plan
- RCMP: Royal Canadian Mounted Police
- SPROS: Secure Police Reporting and Occurrence System
Executive summary
As Canada's national police force, the RCMP holds a vast array of personal information within its operational, administrative, and employee databases and within physical files. In executing its mandate, the RCMP has a legislative obligation to properly safeguard, maintain and in some cases, destroy this information. In 2011, the Office of the Privacy Commissioner (OPC) conducted an audit that examined the policies, systems, administrative controls and safeguards implemented by the RCMP for the safeguarding of personal information within the Canadian Police Information Centre (CPIC) and Police Reporting and Occurrence System (PROS) systems. The results of that audit indicated that the management of personal information held in operational databases needed improvement. The OPC audit contained six recommendations, five of which pertained to PROS, the RCMP's primary occurrence reporting system. With respect to PROS, the audit found that: personal information was being retained longer than required; the ability to review and investigate user actions was limited; there was insufficient monitoring of PROS user accounts; there was no review process to ensure users were complying with policies and procedures; and there was no process to remove access to records related to pardoned offences (now known as records suspensions). A sixth recommendation related to a lack of formal agreements for external agencies accessing the CPIC system.
In April 2014, the Commissioner approved an assurance engagement of the Security of Personal Information as part of the 2014-17 Risk-Based Audit Plan (RBAP). The engagement objective included a follow-up to assess the progress made in addressing the recommendations included in the 2011 Office of the Privacy Commissioner report, as well as an examination of similar controls relating to the Secure Police Reporting Occurrence System (SPROS).
The current audit found that the RCMP had effectively addressed the majority of the OPC's findings and recommendations. However, opportunities exist to further enhance the security of personal information maintained within RCMP operational databases by enhancing monitoring and compliance activities associated with the PROS and SPROS databases. Additionally, the RCMP should assess existing record suspension (pardon) procedures, with respect to the vetting of physical records, to ensure divisions are following an efficient approach that meets the requirements of relevant Federal Acts.
The management response included in this report demonstrates the commitment from senior management to address the audit findings and recommendations. A detailed management action plan is to be developed. Once approved, RCMP Internal Audit will monitor its implementation.
Management's response to the audit
Contract and Aboriginal Policing
Contract and Aboriginal Policing agrees with the findings and recommendations in the follow-up to the Office of the Privacy Commissioner's Audit of the Security of Personal Information. Work has begun to assess existing practices in place to monitor user access to PROS, as well as users' compliance to the terms and conditions governing the use of PROS and an action plan will be developed to further enhance appropriate measures that minimize and mitigate risks relating to inappropriate access and non-compliance. This may include examining automated and/or manual processes which could be implemented at the National or Divisional level. A detailed action plan will be available by June 2016 and will contain specific timelines and milestones to which the RCMP will adhere.
Contract and Aboriginal Policing agrees with the recommendation that records be appropriately purged from SPROS to be in compliance with the Privacy Act. This recommendation requires collaboration with the Deputy Commissioner, Special Policing Services, the Chief Information Officer and the Deputy Commissioner Federal Policing who assumed responsibility for SPROS policy and compliance in 2016. A meeting will be convened by April 2016 to ensure that all the participants are aware of the role that is required of them in order to develop a management action plan and to establish a transaction log review tool similar to that in PROS.
Byron Boucher, Acting D/Commr.
Contract and Aboriginal Policing
Special Policing Services
Overall, SPS agrees with the findings and recommendations in the follow-up to the Office of the Privacy Commissioner's Audit of the Security of Personal Information. Work has begun to assist Contract Aboriginal Policing in assessing the technical requirements relating to the establishment of a review process to ensure users' compliance to the terms and conditions governing the use of PROS. In addition, SPS will work directly with officials in Federal Policing to ensure the same disposition features available in PROS are activated and maintained in SPROS. Finally, SPS has begun to assess opportunities for improvement within the current vetting of physical records process. Overall, SPS has initiated the assessment of the requirements, associated costs and other related challenges in the development of a detailed management action plan.
Peter Henschel, D/Commr.
Special Policing Services
1. Background
As Canada's national police force, the RCMP holds a vast array of personal information within its operational, administrative, and employee databases and within physical files. In executing its mandate, the RCMP has a legislative obligation to properly safeguard, maintain and in some cases, destroy this information.
Personal information includes factual or subjective information about an identifiable individual. This information can be in digital form within information management systems or databases, or in physical form within records or files. Within the RCMP, a significant amount of personal information collected through policing activities is housed in digital form in the following operational systems: the Canadian Police Information Centre (CPIC) system; the Police Reporting and Occurrence System (PROS); and the Secure Police Reporting Occurrence System (SPROS). CPIC is operated by the RCMP on behalf of the Canadian law enforcement community. CPIC provides information about crimes and the individuals who committed crimes. It is the only national information-sharing system that links criminal justice and law enforcement partners across Canada and internationally. PROS is the primary occurrence reporting and records management system used by the RCMP in all provinces except British Columbia [Footnote 1]. It is used to record all aspects of an incident involving police, from the moment an occurrence is reported to final disposition if the investigation proceeds to a court process. PROS contains information on individuals who have come into contact with police, either as suspects, victims, or witnesses. SPROS is the primary database for the electronic storage, retrieval and management of information relating to national security criminal investigations. It is also used, on an as-required basis, to store classified criminal intelligence and other information relating to sensitive cases.
Protecting personal information within the RCMP is a collective responsibility that is actively carried out by several units. At the time of our audit, the Operational Systems Service Centre (OSSC), reporting to Contract and Aboriginal Policing (CAP), was responsible for both policy and the management of users' access associated with PROS and SPROS. Under the Chief Information Officer (CIO) Sector, the Information Management Branch (IMB) provides advice and guidance on the disposition of records and the identification of records of archival value. Finally, the Canadian Police Information Centre (CPIC), within Specialized Policing Services (SPS) is responsible for the management of the CPIC system.
In 2011, the Office of the Privacy Commissioner (OPC) conducted an audit that examined the policies, systems, administrative controls and safeguards implemented by the RCMP for the safeguarding of personal information within the CPIC and PROS systems. The results of that audit indicated that the management of personal information held in operational databases needed improvement. Specifically, the audit reported that memorandums of understanding (MOUs) communicating conditions of use and privacy provisions were not in place with all external users of the CPIC system. In the case of PROS: personal information was being held longer than required; users' access was not being adequately monitored; there was limited ability to review a user's actions; and there was no review or oversight process to provide assurance that users were complying with the policies and procedures governing the use of personal information.
In April 2014, the Commissioner approved an assurance engagement of the Security of Personal Information as part of the 2014-17 Risk-Based Audit Plan (RBAP). The engagement objective included a follow-up to assess the progress made in addressing the recommendations included in the 2011 Office of the Privacy Commissioner report, as well as an examination of similar controls relating to the SPROS system.
2. Objectives, scope and methodology
2.1 Objective
The objective of the audit was to determine whether processes in place to safeguard, maintain and destroy personal information held for operational purposes are timely, effective and meet policy requirements.
2.2 Scope
The main focus of the audit was to follow-up on the actions taken in response to the 2011 audit conducted by the Office of the Privacy Commissioner (OPC). While the OPC audit focused on personal information held within CPIC and PROS, this engagement also included review of controls in place to safeguard personal information within the RCMP's Secure Police Occurrence Reporting System (SPROS).
The audit was conducted in consideration of section 6 of the Privacy Act which defines personal information and the legislative requirements for securing it. The audit considered personal information stored for operational purposes in both digital and paper formats. The audit did not assess the accuracy or completeness of the personal information held by the RCMP and the impact this information may have had on management's decision making.
2.3 Methodology
Planning for the audit was completed in July 2015. In this phase, the audit team conducted interviews, process walkthroughs and examined relevant policies, directives, procedures and results of previous audit work performed.
Sources used to develop audit criteria and detailed audit tests included prior audit findings and requirements for handling of personal information as defined within the Privacy Act, Criminal Records Act and RCMP policies. The audit objective and criteria are available in Appendix A.
The examination phase, which concluded in November 2015, employed various auditing techniques including interviews, documentation reviews and physical observation. Upon completion of the examination phase, the audit team held meetings to validate findings with personnel and debriefed senior management of the relevant findings.
2.4 Statement of conformance
The audit engagement conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.
3. Audit findings
The 2011 Office of the Privacy Commissioner's (OPC) Audit of Selected RCMP Databases found that the management of personal information held in operational databases needed improvement. The OPC audit contained six recommendations, five of which pertained to PROS, the RCMP's primary occurrence reporting system. With respect to PROS, the audit found that: personal information was being retained longer than required; the ability to review and investigate user actions was limited; there was insufficient monitoring of PROS user accounts; there was no review process to ensure users were complying with policies and procedures; and there was no process to remove access to records related to pardoned offences (now known as records suspensions). A sixth recommendation related to a lack of formal agreements for external agencies accessing the CPIC system.
Management accepted the audit findings and recommendations and committed to taking immediate action to rectify all issues identified in the OPC audit. Accordingly, we expected to find that improvements had been made that strengthened the stewardship practices in place to protect personal information. Specifically, we expected that:
- Formal agreements would be in place with all entities accessing the CPIC system;
- Regular monitoring of user access and activity would be taking place on RCMP operational databases;
- Internal and external users of PROS would be subject to regular review to ensure compliance with policies and procedures;
- Information in PROS would be removed (purged) or sequestered in accordance with governing legislation.
Overall, we found that the RCMP had addressed five of the six recommendations from the OPC's 2011 audit. The recommendation to implement a review process to provide assurances that all users are complying with the policies and procedures governing the use of the personal information in PROS had not been put into place. In addition, over and above the recommendations stemming from the OPC audit, we found further opportunities exist to: improve the monitoring of PROS user accounts; extend the enhancements applied to PROS to other operational databases; and develop a more efficient and effective strategy for sequestering personal information in physical files.
3.1 CPI Centre
In its 2011 audit of select RCMP operational databases, the OPC found that the RCMP had developed and implemented policies and procedures to protect the personal information of Canadians being stored and retrieved from the CPIC system. Given that CPIC is accessed by external partners and other law enforcement agencies, the RCMP had established Memorandums of Understanding (MOUs) to communicate conditions of use, including privacy provisions, to all external users. The OPC audit found that the RCMP did not have agreements in place with 25% of police agencies that were accessing CPIC. The OPC recommended that the RCMP set a clear timeframe for the establishment of MOUs with all external entities to ensure terms of use and privacy provisions were effectively communicated [Footnote 2]. The RCMP responded that it was actively in negotiations with the remaining 25% of agencies and expected that all MOUs would be in place by March 31, 2012.
With the exception of one police force, at the time of this follow-up engagement, agreements were in place with all external agencies and users in accordance with its established policies and procedures. Regarding the one outstanding MOU, interviewees reported that the police force has maintained a position that its provincial legislation precludes it from signing an MOU with a federal entity. CPI Centre has continued to hold discussions at the senior and executive management level in an effort to obtain a signed MOU. Additionally, while the MOU remains unsigned, CPI Centre has continued to share the current version of the MOU with that police force in an effort to meet its obligation to communicate RCMP expectations, conditions of use and privacy provisions.
The MOUs serving external users are renewed on a four-year cycle, which allows CPI Centre to periodically validate whether an agency has a continued need for access to the system as well as the opportunity to update the MOU to address any changes in policy and procedures. We reviewed the MOU templates used by CPI Centre to confirm that they appropriately address the RCMP expectations regarding the treatment of personal information. We also validated that the MOUs are being renewed on an ongoing basis.
For internal RCMP users, the audit examined whether training was provided to employees to ensure they are informed of their responsibilities with respect to policies and procedures governing CPIC and specifically its privacy provisions. The RCMP has developed and regularly offers two mandatory courses, the Query and Narrative course (QN) for users with read-only access and the CPIC Maintenance course for users who update and maintain CPIC records and information. The Query and Narrative course is available online to all CPIC agencies through the Canadian Police Knowledge Network and in the AGORA learning and development system for RCMP users. In 2012, 940 individuals completed the course, while 651 completed it in 2013. Information obtained from CPIC annual reports identified that the CPIC Maintenance course is provided to both internal and external users and that in 2012 and 2013 respectively, 202 and 343 users completed the course.
Our examination determined that the CPI Centre has processes in place to ensure expectations regarding privacy are communicated to all users and that the OPC recommendation to establish MOUs that communicate privacy provisions and expectations with all entities has been satisfactorily addressed.
3.2 Police Reporting and Occurrence System
Monitoring access and compliance with policy
The 2011 OPC audit examined access controls to ensure the personal information contained within PROS was adequately protected from breaches to privacy. The OPC found that access rights were not always updated or disabled in a timely fashion as users moved between jobs [Footnote 3]. They noted that while RCMP policy requires that a user's access be revoked when no longer required or after 14 months of inactivity, at the time of their audit there were in excess of 1000 user accounts that had not been accessed in 14 months or longer [Footnote 4].
The OPC recommended that the RCMP undertake regular reviews on the status of PROS user accounts and disable access when it is no longer required. The RCMP responded that it would immediately address the monitoring of users' access and would also examine its current training practices for employees who carry out the review of PROS user accounts.
At the time of our audit, requests for access to PROS and SPROS, by both RCMP and partner agencies, were being submitted to OSSC via the divisional records management coordinators. OSSC verifies that the required approvals have been obtained, and ensures that the users have obtained the required certifications prior to recommending that the Public Key Infrastructure (PKI) unit within the Chief Information Officer sector grants access. OSSC also ensures that when a partner agency is involved, an MOU is included with the documentation received from the coordinator. Additionally, the external legislative conformity unit within OSSC reviews the agency's applicable acts and agreements for any concerns that might need to be addressed.
We found that the controls associated with granting access are robust and that OSSC is regularly monitoring inactive PROS accounts, in accordance with the PROS policy. OSSC utilizes reports to identify inactive users on a regular basis and recommends their de-activation when required.
We found that a similar process was in place for de-activating SPROS user accounts which had no recorded activity.
While increased monitoring and removal of dormant accounts addresses the OPC recommendation, the risk remains that users who no longer have a requirement to access specific operational records may continue to do so. If an individual continues to use their account to inappropriately access records, it will never appear dormant and be removed. It is only through robust out-clearance processes, and processes to periodically reconfirm access requirements, that strict compliance can be assured.
While the OPC observation that user accounts that remain active beyond their requirement increase the risk of unauthorized access [Footnote 5] has been partially addressed through increased monitoring and removal of dormant accounts, there are additional opportunities to ensure only users with a continued requirement have access to the PROS and SPROS systems.
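The gap described above, that an account in constant use never trips an inactivity rule, can be made concrete with an added example (not RCMP code or tooling). It applies the 14-month inactivity threshold cited in the report alongside two hypothetical controls the report calls for: an out-clearance flag set when a user leaves the role, and a periodic reconfirmation of the access requirement; the account records are constructed.

```python
"""Account-review logic: inactivity rule plus out-clearance and periodic reconfirmation."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

INACTIVITY_MONTHS = 14   # RCMP policy threshold cited in the audit report
RECERT_MONTHS = 12       # hypothetical reconfirmation interval (assumption, not RCMP policy)


@dataclass
class Account:
    user: str
    last_access: Optional[date]    # None means the account has never been used
    last_recertified: date         # hypothetical: last date the need for access was reconfirmed
    out_cleared: bool = False      # hypothetical: set by an out-clearance process on role change


def months_between(earlier: date, later: date) -> int:
    """Whole calendar months elapsed from `earlier` to `later`."""
    months = (later.year - earlier.year) * 12 + (later.month - earlier.month)
    if later.day < earlier.day:
        months -= 1
    return months


def review_account(acct: Account, as_of: date) -> Optional[Tuple[str, str]]:
    """Return (action, reason) for an account, or None when no action is needed.

    Out-clearance is checked first: a user who keeps using the account after
    leaving the role would otherwise never appear dormant and never be removed.
    """
    if acct.out_cleared:
        return ("revoke", "user out-cleared from the role that required access")
    if acct.last_access is None or months_between(acct.last_access, as_of) >= INACTIVITY_MONTHS:
        return ("deactivate", f"no activity for {INACTIVITY_MONTHS} months or more")
    if months_between(acct.last_recertified, as_of) >= RECERT_MONTHS:
        return ("reconfirm", "access requirement not reconfirmed within the recertification interval")
    return None


def review_accounts(accounts: List[Account], as_of: date) -> Dict[str, Optional[Tuple[str, str]]]:
    """Run the review over a list of accounts and map each user to its outcome."""
    return {a.user: review_account(a, as_of) for a in accounts}


# Constructed sample records (not real users or dates from the report).
SAMPLE_ACCOUNTS = [
    Account("dormant", date(2014, 11, 15), date(2015, 1, 10)),
    Account("never_used", None, date(2015, 6, 1)),
    Account("transferred", date(2016, 1, 31), date(2015, 12, 1), out_cleared=True),
    Account("stale_recert", date(2016, 1, 30), date(2014, 12, 20)),
    Account("ok", date(2016, 1, 28), date(2015, 9, 1)),
]

if __name__ == "__main__":
    for user, outcome in review_accounts(SAMPLE_ACCOUNTS, date(2016, 2, 1)).items():
        print(f"{user:14s} -> {outcome}")
```

The "transferred" record is the case the report warns about: it was used yesterday, so an inactivity report alone would never surface it.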
In addition to monitoring access controls, the OPC also examined the transaction logging capabilities which would allow the RCMP to assess PROS user activity in the case of incidents of potential misuse. The OPC found that transaction logs within PROS tracked individual user's activities, including the records viewed and modifications made. However, user activity was not being actively monitored, as the process to do so was not efficient, given that a tool had not been implemented to enable quick extraction and analysis of the transaction log data. Accordingly, the OPC recommended that the RCMP enable the audit (transaction) log review tool. The RCMP accepted the OPC's recommendation and committed to enabling the transaction log review tool.
We found that the transaction log review tool had been implemented and is currently being used by Divisional Criminal Operations Officers (CROPS) to review potential incidents of misuse by internal and external users. We also noted that the protocol for using the tool had evolved. Originally, use of the review tool required the approval of the Departmental Security Officer, however more authority and discretion has subsequently been given to CROPS to direct the use of the tool. Since its implementation, OSSC reported that they have been steadily receiving a few requests per week.
The Application Development Branch, within the CIO sector, reported that a similar transaction log review function has not been implemented within SPROS. As a result, the RCMP does not have an efficient tool to detect and assess potential misuse of this system. SPROS has a user base of approximately 2500 users. SPROS users have unrestricted access to any file in the system. While there are fewer users, given the nature of the information contained in this database, the impact of a breach could be much greater.
The OPC also examined whether the RCMP had measures in place to ensure the 23 police partner agencies manage the personal information within PROS in accordance with applicable policy and procedures. The OPC found that MOUs were in place between the RCMP and the police partner agencies that communicate conditions of use including privacy provisions. It noted that the MOUs include provisions for the RCMP to conduct reviews of partner agencies' use of the system; however, it found that only a limited number of such reviews had been undertaken by the RCMP. Accordingly, it recommended that the RCMP adopt a consistent and regular review process to ensure that all users, including partner agencies, are complying with terms and conditions of use. Such review would assist in ensuring acceptable use and sharing of the information contained in PROS, and would examine security provisions, training requirements, breach-reporting procedures and the protocols in place to ensure the information contained in PROS is used only for legitimate law enforcement purposes.
Originally, the RCMP's response to the OPC audit indicated that as part of its Information Management Renewal Plan it would ensure that both internal and external users of PROS would be subject to a periodic review process. Due to resourcing constraints, the Information Management Branch communicated a new strategy in September 2014, advising that in place of a formal review process, training and awareness initiatives would be enhanced to address the area of user compliance.
During the current audit, CIO representatives reported that three projects were underway that would provide training and awareness with respect to the protection of information. This work included producing and distributing video material, developing training material and releasing a questionnaire to gauge the level of awareness of employees, among other actions. As of February 2016, these projects had not been completed although completion is expected in 2016.
The CIO's current initiatives to address user compliance are limited to improving internal users' knowledge and awareness through training and communication tools; however, the original OPC finding and recommendation spoke of monitoring and compliance through a formal review process that would assess compliance of all users, both internal and external.
Without a robust monitoring regime, the RCMP does not have assurance that all users are complying with the terms, conditions, and privacy provisions that govern the use of personal information within PROS. This creates an organization risk to the RCMP as the system owner and custodian of the information within PROS.
While the RCMP has improved its monitoring and removal of dormant accounts, opportunities exist to improve the monitoring of inappropriate or unnecessary access. The RCMP has successfully implemented a transaction log review tool to enable timely review of user transactions for PROS; however, similar functionality should be implemented within SPROS. Finally, the RCMP should re-examine its approach to oversight and compliance with PROS policies to include a review function.
Management of record suspensions
In its 2011 audit, the OPC examined whether the RCMP was managing personal information retained in PROS in compliance with information retention requirements stipulated in federal acts. The OPC found that the RCMP had developed policies and procedures, in accordance with applicable legislation, concerning how long information should be retained and when it should be disposed. However, the OPC found that the policies were not being followed and the RCMP was not purging records from PROS as required. As a result, information that should have been purged because it had reached its retention limit (as determined by the date of the longest sentence imposed as a result of an investigation) was still accessible. The OPC recommended that the RCMP purge PROS data that had reached established retention dates to be compliant with the Privacy Act. The RCMP accepted the recommendation, advising it would take immediate action.
The RCMP addressed this finding in 2012 and the majority of records to be removed had been successfully purged by the end of the year. While in 2013 there was an instance where a technical issue relating to a systems update resulted in the backlog of more than a million records, we were able to confirm that Applications Development Branch had effectively resolved the issue and the backlog had been purged. We also found that Applications Development Branch had taken measures to ensure that subsequent systems upgrades would not result in similar interruptions in the purging process.
Although the OPC audit resulted in changes with respect to purging of records in PROS, our examination determined that despite having similar record retention requirements, records are not being appropriately purged from SPROS. SPROS is built on the same platform as PROS and therefore has the same basic functionality; however, we found that the purge functionality within SPROS has not been enabled. As a result, the RCMP is at risk of being non-compliant with the provisions of the Privacy Act.
The OPC also found, while examining the purging process, that the RCMP had not yet established a process to remove pardoned offences and wrongful convictions from PROS. The OPC highlighted that if this information is not removed in a timely manner it could impact the privacy of individuals and hinder their employment opportunities, international travel, and volunteer activities.
A pardon, also referred to as a record suspension, allows individuals who were convicted of a criminal offence, but have completed their sentence and demonstrated they are law-abiding citizens, to have their criminal record kept separate and apart from other criminal records [Footnote 6]. This is also referred to as sequestering.
The OPC recommended that the RCMP implement processes to remove access to pardoned offences and wrongful convictions and the RCMP agreed to do so.
Accordingly, we expected to find that the RCMP was sequestering pardoned offences and wrongful convictions within PROS; we also expected to find that access to information relating to pardoned offences and wrongful convictions in hard copy records and files was being restricted.
We found that the Information Management Branch had developed detailed procedures on processing pardons within PROS. Within the RCMP, Canadian Criminal Real Time Identification Services (CCRTIS) receives notification of pardons or wrongful convictions from the Parole Board of Canada. CCRTIS sequesters the appropriate records in the CPIC system upon receipt of this information; it then advises the RCMP Divisions and police partner agencies that contributed information to the CPIC sequestered records. It is the responsibility of those organizations to sequester the relevant records and information within other databases, i.e., PROS and SPROS. Information obtained through interviews revealed that CCRTIS has not always been timely in advising the divisions regarding record suspensions. The divisions typically receive the notifications in batches, and delays of several months have been noted.
Upon notification by CCRTIS, divisional information management coordinators query PROS, and sequester the appropriate records into a secure area within the system. Following the OPC audit, the RCMP created specific user-access profiles which only allow the specified users to access the sequestered records and information. Overall, based on our testing and discussions with management, we found that the RCMP had addressed the OPC's finding and recommendation concerning the sequestering of information in PROS. While the OPC did not review processes in place to sequester information in physical files, this was included as part of our audit scope. At the four visited divisions, varying practices were observed, some considerably more efficient than others.
While hard copy operational records and files can be maintained at the headquarters, divisional IM, or detachment levels, the majority of these records are held by detachments. Divisional IM offices review and sequester any divisionally-held records for their clients, including federal units such as commercial crime, major case management, and border security. Divisional IM offices strive to address record suspensions promptly upon receipt; however, considering the amount of administration involved and resource limitations, differing mitigation strategies had been implemented by the divisional IM offices. While the practices differed, division IM offices were all striving to ensure that the sequestered information is held separate and apart from other information as stipulated in the Criminal Records Act. We observed that while some divisional IM offices completed a detailed file review to determine what information needed to be sequestered, others completed only a cursory review or had no review process in place. In one division, where no detailed review was being done, complete files containing information that may relate to pardoned offences were flagged and stored in a separate location. These files would only be reviewed in detail to remove sequestered information if access to the file was sought by someone outside of the divisional IM organization. This observed practice does meet the Criminal Records Act requirement and, depending on the nature of the file and the availability of resources, could be a best practice in the efficient administration of this process.
In the case of detachments, there is no oversight or monitoring at either the divisional or national level to ensure they are taking sufficient action to comply with the requirements for sequestering information related to a record suspension. Divisional Managers expressed concerns regarding the capacity of detachments to effectively manage this process given their other core duties. As the majority of the records are held at the detachment level, this poses significant risk.
Although the RCMP has addressed the issue of sequestering pardoned offences and wrongful convictions within PROS, there are opportunities to improve the timeliness of the process, and to implement more complete and efficient approaches to the sequestering of hard copy records and files.
4. Recommendations
- The Deputy Commissioner, Contract and Aboriginal Policing, should assess, and enhance as appropriate, the practices in place to monitor user access to PROS; and the monitoring of risks relating to inappropriate access to PROS.
- The Deputy Commissioner, Contract and Aboriginal Policing in collaboration with the Deputy Commissioner, Special Policing Services and the Chief Information Officer should establish a periodic review process to ensure users' compliance to the terms and conditions governing the use of PROS.
- The Deputy Commissioner, Special Policing Services in collaboration with the Chief Information Officer and the Deputy Commissioner, Contract and Aboriginal Policing, should ensure that records are being appropriately purged from SPROS to be in compliance with the Privacy Act. Consideration should also be given towards enhancing SPROS user-monitoring capability by enabling a transaction log review tool.
- The Deputy Commissioner, Special Policing Services in collaboration with the Chief Information Officer should assess existing record suspension (pardon) procedures, with respect to the vetting of physical records, to ensure divisions are following an efficient approach that meets the requirements of relevant Federal Acts.
5. Conclusion
Overall, the RCMP has effectively addressed the majority of the OPC's findings and recommendations. However, opportunities exist to further enhance the security of personal information maintained within RCMP operational databases by enhancing monitoring and compliance activities associated with the PROS database.
In addition, the RCMP should ensure that records are being appropriately purged from SPROS, in compliance with the Privacy Act. Consideration should also be given to enabling monitoring of SPROS users' activities by implementing a transaction log review tool.
Finally, with respect to the management of physical records and information that pertains to pardoned offences and wrongful convictions, the RCMP should consider enhancing existing record suspension (pardon) procedures, to establish a consistent and streamlined approach that meets the requirements of relevant Federal Acts.
Appendix A – Audit objectives and criteria
Objective: To determine whether processes in place to safeguard, maintain and destroy personal information are timely, effective and meet policy requirements.
- Criterion 1: The RCMP has established and implemented procedures governing the access and use of personal information.
- Criterion 2: The RCMP has established and implemented procedures, consistent with existing policies, to remove or make inaccessible, personal information.
- Criterion 3: Ongoing technical requirements to maintain the security of personal information are being addressed.