Web Summary – Privacy Impact Assessment – Administrative Investigations Program

An administrative investigation can be defined as a formal fact-finding inquiry, conducted by an investigator, which examines allegations of misconduct in order to determine whether wrong-doing has occurred and, if so, the persons or entities responsible, as well as the amount of loss. The purpose of which is to allow management to make an informed decision.

An administrative investigation is conducted to probe allegations of employee financial misconduct and to confirm or deny their validity. The Special Investigations Division may undertake investigations for the following incidents: financial fraud, malfeasance, or losses of money and/or property of the Crown. A systematic evaluation of the circumstances and facts surrounding an allegation is required. The administrative investigation may be conducted independent of or in conjunction with a criminal investigation; however, the latter is conducted by a law enforcement agency and is not a substitute for an administrative inquiry.

After an administrative investigation is conducted, a report is provided to senior management with the facts of the case, including what weaknesses led to the loss and what controls are recommended to mitigate future risks. This report is then taken into consideration in management's decision to impose administrative and/or disciplinary measures.

Key Risks Identified:

Overall, the Administrative Investigations Program poses a low risk to privacy. This is due primarily to the high degree of care demonstrated by ZIU personnel in handling sensitive personal information collected and used during the course of an investigation. The following specific risks were identified in this assessment:

  1. A Threat Risk Assessment (TRA) for the case management software has not been completed as of the writing of this assessment (September, 2016).
  2. There are no standard operating procedures (SOPs) in place requiring that investigation reports and other material only be transmitted over the department’s secure C-5 system.

Mitigating Strategies:

To mitigate these risks, the following strategies are recommended:

  1. The case management software will not be implemented by GLOBAL AFFAIRS CANADA until the TRA is completed and approved by executive committee.
  2. ZIU will ensure all staff complete formal data protection training with particular regard to the importance of storing and transmitting sensitive personal information in a secure manner.
Date Modified: