Recruiting Module of the Human Resources Management System (HRMS)

Executive Summary

The Department of Foreign Affairs and International Trade (DFAIT) manage their HR data across the Government of Canada (GC) Human Resource Management System (HRMS) version 8.9.  A Privacy Impact Assessment (PIA) of version 8.9 was completed and approved in February 2010. Subsequently, DFAIT implemented the Recruiting Module of the People Soft Version 8.9.

A PIA was completed to adequately assess and address the privacy implications involved with the Recruiting Module. It was DFAIT’s response to its obligations under the Treasury Board of Canada Directive on PIA.

The PIA focussed on personal information collected, used, disclosed and retained within the HRMS Recruiting Module.  It did not encompass HR-related information that exists outside of the Module, nor did it depict information within the system that is not considered “personal” as defined in the Privacy Act.

At the time the PIA was completed, the HR community administered their staffing business processes through various internal and external systems ranging from customized spreadsheets to black book systems. On January 27, 2010, Veterans Affairs Canada (VAC) has successfully implemented a series of enhancements to allow end-to-end automation of the recruiting process, including interfacing with the Public Service Resourcing System (PSRS) and PubliService. The business drives to undertake these enhancements to the existing Recruiting Module were as follows:

• Reduce the amount of data entry, in particular double data entry needed by users.  This was important for DFAIT as many of their selection processes involve a very large number of applicants (not unusual to see selection processes with 100s if not 1000s of applicants).  DFAIT is an employer of choice in the Capital region.
• Make the application user friendly, intuitive to use and reduce the amount of navigation and mouse clicks needed. To reduce training time, and again, due to the large number of candidates, data entry should be simple and not require a lot of navigation.
• Have the Recruiting Module and VAC enhancements conform to the processes and practices already in use by DFAIT for Canadian Based Staff (CBS). Specifically, have the system meet the process, not the other way around.  DFAIT has established recruiting process that conforms well to their business; in particular DFAIT sends a large amount of rotational employees (Foreign Services) on posting abroad and the criteria established for each processes have been carefully established.
• Manage and track all selection process for all CBS type of positions.
• The implementation of this Module was beneficial to managers responsible for selection processes as it will help facilitate and monitor every stage of a selection process and maintain all relevant information into one single database as opposed to several.

The PIA concluded that the implementation of the Recruiting Module would not involve the collection of additional personal information.

The nature and scope of the Recruiting Module indicated few privacy issues as contemplated by the PIA Guideline questionnaires as well as proper mitigation strategies to respond to those issues.

The PIA only identified the following area as non-compliant with privacy requirements and recommended proper mitigating measures described below:

1. Procedures and documentation (medium-level risk)
   • There were no retention and disposal schedules in place for the personal information collected. Establishing a HRMS data retention and archiving, disposal policy and schedules for the personal information were identified as mitigating strategies.
   • There was no existing policy to address privacy breaches involving personal information from the HRMS Recruiting Module. Establishing a HRMS documented privacy breach policy as well as subsequently communicating it to employees was identified as mitigating strategies.