Privacy impact assessment summary — Parks Canada national point of sale solution
Description of program/activity
Since 2010, Parks Canada (PC) has operated a national point of sale (POS) solution that is used to collect approximately $90M per year in revenues and record on-site transactions at over 250 visitor facilities across Canada. Approximately 3 million transactions per year are processed via the POS solution, and the vast majority of these transactions (over 90%) are conducted anonymously and do not require any personal information from visitors.
Overview and PIA Initiation
In November 2022, a contract was awarded to Tri City Retail Systems, of Waterloo, Ontario for a new POS solution that will be launched at PC facilities in 2023. The contract states that the Government of Canada has control over the location of the POS database(s), network traffic and data between solution components, where there is concern with certain jurisdictions or the laws of a certain jurisdiction. Given that only basic personal information such as name, address and contact information is collected, the impact on the individual is assessed as low.
Summary of analysis and recommendations
PC at large is adequately accountable in terms of privacy and the protection of personal information. Individuals are informed of the purpose of the collection at the time of the collection in the Privacy Notice Statement and also in a new institution-specific personal information bank (PIB) for the POS solution. Overall, PC is in compliance with the Privacy Act and the Treasury Board of Canada's Policy on Privacy Protection.
The Privacy Impact Assessment (PIA) identified some low residual risks that require further and/or continued mitigation to manage exposure to privacy risk. It will also be important for ongoing contractual compliance monitoring of the Contractor's obligations by PC staff/project authorities to ensure that the contractor consistently meets its contractual obligations regarding privacy and security of personal information. As such, mitigation measures have been documented in the PIA to address all revealed risks.
In order to have access to the full PIA, please submit a formal request at the following link: Access to Information and Privacy (ATIP) Online Request (apps.gc.ca).
- Date modified :