Treasury Board of Canada Secretariat - Government of Canada
Skip all menusSkip first menu
Français Contact Us Help Search Canada Site
What's New About Us Policies Site Map Home

Chief Information Officer Branch
Information, Privacy and Security Policy Division
Access to Information and Privacy
Implementation Reports:
2005
2004
2003
2002
2001
1999-2000
Information Notices
Access to Information and Privacy Coordinators
Forms
Community Events & Learning
Tools and Guides
Printable Version

Registration of Personal Information Banks (PIB)

ATIP Security Info Source
No.:  95
DATE:   November 26, 2004
TO:   Access to Information and Privacy Coordinators 
SUBJECT: Registration of Personal Information Banks (PIB)

Summary

The Privacy Act (Section 11(a)) requires that institutions identify personal information that is under their control and describe this information as Personal Information Banks (PIB), which are subsequently published within Info Source

A PIB describes a collection or grouping of individual's personal information held by federal departments and agencies, subject to the Privacy Act. PIBs describe personal information that is:

  • under the control of a government institution
  • captured in the institution's record keeping system; and
  • collected or maintained in support of an institutional program or activity. 

PIBs are used to describe personal information if it is retrievable by a person's name or by an identifying number, symbol or other particular assigned only to that person or personal information that has been or is being used, or is available for use for an administrative purpose. 

Personal Information Banks (PIBs) describe: 

  • the personal information elements that are contained within the official records keeping system of the federal institution;
  • why this personal information is being collected;
  • how this information may be used;
  • how this information is held and then disposed of; and
  • about whom the information relates (class of individuals). 

Note: PIBs are used only to describe personal information – not to actually collect and manage personal information. The information itself is captured and managed within the records and related record keeping system of the federal institution. 

Info Source is a key source for individuals to exercise their right to access their personal information and correct errors. Incomplete or inaccurate listings within Info Source indicates institutions subject to the Privacy Act are not meeting their legal obligations under the Act, specifically to list what information it collects and how the data is used and disclosed. 

PIB Checklist

Before registering the PIB, you should ask the following questions:

  • Is the personal information retrievable by name or identifying particular?
    (Please note that most electronic systems now have full text search capabilities which allows this type of information retrieval.)
    Is the personal information used or available for use for an administrative purpose?
  • Does a PIB already exist that comprises this information?
  • Should a reference be made to another bank?
  • Should it be registered as a standard bank?
  • Did your institution consider whether or not a privacy impact assessment (PIA) should be conducted? 

The Personal Information Bank (PIB) Registration Process 

The formal PIB registration process requires that institutions complete the PIB Registration Form (in both official languages) and forward these forms to the Information, Privacy and Security Policy Division (IPSPD) of Treasury Board to the attention of Laura Simmermon.

Please note: Due to the consultative approach now being used by IPSPD for the development of new and revised PIBs, institutions may prefer to use the Personal Information Bank Development Template (Appendix D) and submit their proposed PIB (it is not necessary to provide translated versions at this time) via e-mail to Laura Simmermon at Simmermon.Laura@tbs-sct.gc.ca

  • Content of proposed PIB is reviewed by a Senior Policy Analyst.
  • The proposed PIB is developed through a consultative process between IPSPD and the institution.
  • Final version of the proposed PIB is formally submitted (in both official languages) to IPSPD. 

Please note: the PIB Registration form must be signed by the institutional ATIP Coordinator.

  • Proposed PIB is approved by IPSPD.
  • PIB receives unique TBS Registration number.
  • A copy of the completed PIB form is returned to the institution.
  • The institution must include the Registered PIB in their next update to Info Source. 

It should be noted:

  • The review and approval process for new PIB registrations is a time-consuming and iterative process.
  • New PIB registrations should be submitted to the Information, Privacy and Security Policy Division (IPSPD) of the Treasury Board Secretariat throughout the year – on an ongoing basis.
  • New PIB Registrations that are submitted to IPSPD with an institution's Info Source update will not be reviewed and approved in time to be included in that year's Info Source. Info Source updates submitted with PIBs that have not been approved and registered by TBS will be revised and the unregistered PIBs removed.
  • To ensure that New PIB Registrations are reviewed and approved in time for inclusion with an institution's Info Source update, the following timelines must be respected:
  • All new institution-specific PIBs must be submitted to TBS by April 30th.
  • All new standard PIBs must be submitted to TBS by May 31st. 


Donald Lemieux

Acting Senior Director
Information, Privacy and Security Policy Division
Chief Information Officer Branch

 

Attachments:
                
Appendix A
Appendix B 
Appendix C 
Appendix D

  

Appendix A

How to complete the Personal Information Bank Registration Form 

INSTITUTION 

Indicate the legal title of the department or agency. 

PART 1
Title of Personal Information Bank 

Provide a descriptive name for the bank. It should be relatively simple but descriptive enough to reflect the types of information contained in the bank. It is also helpful when the title gives a pointer to the program to which it belongs.

PART 2
Program and Activity to which this Personal Information Bank relates:

Program: State the name of the program to which this personal information bank relates.

Programs are the largest unit of business activity in an institution – a unit set up to achieve institutional objectives as authorized by Parliament. A program represents the major responsibilities that are managed by the organization to fulfil its goals.

Activity: Activities are the major tasks performed by the organization to accomplish each of its programs. Several activities may be associated with an institutional program.

Related to Program Record(s) Number: 
Include the program record number(s assigned by the institution to the program records supporting the activity to which this PIB is linked.

Program records are distinct pieces of recorded information, regardless of physical form or medium, that are collected, created or received through the initiation, conduct or completion of a departmental activity or individual activity on behalf of the Department. Program records are comprised of either operational or administrative records. 

Note on Program Record Numbers: 

Personal Information may only be collected and used by an institution in support of a mandated activity. The records supporting that mandated activity are identified, organized and managed in an official record keeping system the source of this reference number.

Library and Archives Canada (PAC) Number: This number is now called the Records Disposition Authority (RDA) and is assigned by the Library and Archives Canada. In accordance with the provisions of the Library and Archives of Canada Act, the RDA is the instrument that the National Archivist issues to government institutions for enabling the disposition of records which no longer have operational utility. 

RDAs are generally available from each institution's information management professionals.

PART 3

Does this bank contain information gathered either through Public Opinion Research or other information collection activities?

The Government Communications Policy requires that institutions register any public opinion research with the Public Opinion Research Directorate at the Canada Information Office.

Number of individuals represented in the Personal Information Bank:
An approximate number is acceptable. This provides an indication of the size of the bank.

Does this bank contain personal information that is used for data matching purposes?
It is important to identify any data matching activities being conducted by the institution. It is also necessary to identify both the matching institutions and sources. Please refer to the TBS Privacy and Data Protection manual for the policies on Data Matching and control of the Social Insurance Number (SIN).

Is this bank an exempt bank?
The Governor-in-Council may, by order, designate as exempt banks certain personal information banks that contain information described in Section 21 or 22 of the Privacy Act. If the bank has been exempted, indicate the Order-in-Council Number and date of approval.

PART 4
Submission and Review 

Submitted by:
After signing the form, the Coordinator submits it to TBS for registration. Forms are to be forwarded to Laura Simmermon at:

Information, Privacy and Security Policy Division
Chief Information Officer Branch

Treasury Board of Canada Secretariat
2745 Iris Street, 4th Floor
Ottawa, Ontario K1A OR5 

Fax: (613) 957-8020
E-mail: Simmermon.Laura@tbs-sct.gc.ca 

Review 
After reviewing the information provided on the form to ensure that the bank complies with the Privacy Act, a signed and dated copy of the form is returned for your input to Info Source.

PART 5
Personal Information Bank Number and TBS Registration 

Bank Number:

This is a unique number generated and assigned by the institution as a finding aid. The Bank number is comprised of the following three elements: 

1) The institutional acronym. This should be the FIP-approved acronym if one exists. If not, then the acronym utilized by the institution is acceptable. 

2) The three-letter acronym that identifies the type of PIB (see Glossary of Terms for a description of the PIB types):

  • PPU – Public Bank
  • PPE – Particular Bank
  • PCE – Central Bank
  • PSE – Employee Standard Bank 
  • PSU– Public Standard Bank 
  • PCU– Public Central Bank 

3) A unique number generated by the institution to either link the PIB to specific program records or to the operational area within the institution or other related purposes. 

TBS Registration: 

A unique number assigned by TBS once the PIB has been reviewed and approved by TBS. 

PART 6
Contents of Personal Information Bank - as it will appear in Info Source 

Characteristics

Personal information banks provide a summary of the type of information about individuals that is held by federal departments and agencies. The Privacy Act requires that Personal Information Banks include all personal information that is organized and retrievable by a person's name or by an identifying number, symbol or other particular assigned only to that person. These banks must also include personal information that has been or is being used or is available for use for an administrative purpose.

Contents 

The specific requirements with regard to the contents of a Personal Information Bank are as follows:

Description: Provide an explanatory statement of the information described by the bank.

The description should indicate the types of personal information which the bank contains, i.e. names, addresses, telephone numbers, age of individuals, sex, marital status, country of birth, citizenship, social insurance numbers, employee numbers, race, fingerprints, blood types, etc. 

Class of Individuals: Indicate the type(s) of individual to whom the information relates. Examples are employees of the institution, recipients of Canada Pension Plan benefits, etc. 

Purpose: Provide a clear and concise explanation of the reason for which the personal information was obtained or compiled. The reason must be directly related to a government program or activity. The purpose may be stated in terms of the kinds of decisions that are made based on the information or the use of the bank.

Consistent Uses: A consistent use is a related purpose that has a reasonable and direct connection to the original purpose for which the information was obtained or compiled. State all consistent uses of the information and potential or related uses for which the personal information may be used or disclosed. 

Data matching activities and disclosures should be listed under this heading. Refer to the policy on Data Matching and Control of the Social Insurance Number (SIN) for guidance.

If there are no Consistent Uses, please include a statement to that effect.

Note on Disclosure: There are circumstances under which personal information may be disclosed to third parties. If personal information is disclosed, state the third party involved. 

Retention and Disposal standards: A timetable for the length of time records are maintained within the institution, (when the records are no longer required to meet operational, legal or other requirements) & when the RDA can be applied to the record holdings for final disposition. 

It is not necessary to identify where the records are located, i.e. at the Federal Records Centre – the retention period merely identifies how long the records are to be retained by the controlling institution before the final disposition action.

It is necessary to identify the final disposition action when the end of the retention period has been reached, i.e. destruction, transfer to Library and Archives Canada as historical records, alienation from the custody and control of the federal government due to a transfer to a provincial body or other special operating agency. 

Appendix B 

Revised PIB Registration Process

Until further notice, the entire PIB will be reviewed to ensure a holistic application of the quality assurance processes recently implemented by IPSPD during the review and approval of PIBs. 

The formal registration process requires that institutions include on the following elements on the PIB Registration Form (in both official languages) and forward these forms to the Information, Privacy and Security Policy Division (IPSPD) of Treasury Board to the attention of Laura Simmermon. 

Elements to be completed on PIB Registration Form:

  • The TBS Registration Number
  • The Bank Number
  •  The proposed revised text for the component being revised

Please note: Due to the consultative approach now being used by IPSPD for the development of new and revised PIBs, institutions may prefer to use the attached template (Appendix D) and informally submit their proposed PIB (it is not necessary to provide translated versions at this time) via e-mail to Laura Simmermon at Simmermon.Laura@tbs-sct.gc.ca.

  • Proposed revision is reviewed by a Senior Policy Analyst.
  • Final text for revised PIB is developed through a consultative process between IPSPD and the institution.
  • Final revised PIB is formally submitted (in both official languages) to IPSPD. 

Please note: the PIB Registration form must be signed by the institutional ATIP Coordinator.

  • Final revised PIB is approved by IPSPD.

Please note: The Privacy Commissioner's Office must be notified of new consistent uses. 

  • A new TBS Registration Number will not be assigned to the revised PIB unless substantial changes are made to the existing PIB.
  • A copy of the approved PIB form is returned to the institution.
  • The institution must include the updated PIB in their next update to Info Source

It should be noted: 

  • The review and approval process for revised PIB registrations is a time-consuming and iterative process.
  • Revised PIB registrations should be submitted to the Information, Privacy and Security Policy Division (IPSPD) of the Treasury Board Secretariat throughout the year – on an ongoing basis. 
  • Revised PIB Registrations that are submitted to IPSPD with an institution's Info Source update will not be reviewed and approved in time to be included in that year's Info Source
  • To ensure that revised PIB Registrations are reviewed and approved in time for inclusion with an institution's Info Source update, they must be submitted to TBS by April 30th.


Appendix C 

Appendix D


Template for Development of New PIBs

Name of Institution: 
Contact Name: 
Phone Number: 
Email Address: 
Title: 
  • Must be descriptive and reflect information being described by PIB.
  • It is helpful when the title gives a pointer to the program to which the PIB relates. 
Description: 
  • An explanatory statement of the information described by the bank.
  • It should indicate the specific personal information elements contained in the records to which the bank relates, i.e. names, addresses, telephone numbers, age, sex, marital status, country of birth, citizenship, social insurance numbers, employee numbers, race, fingerprints, blood types, etc. 
Note: 
This is the only optional field.
  • May contain information about how to access the information described by the PIB, i.e. please provide Surname, given name and telephone number.
  • Should not contain "contact" information within the institution creating the PIB 
Class of Individuals: 

Identifies the group or category of individuals about whom the information relates, i.e. current and former employees, contractors, program applicants, etc. 
Purpose: 
  • Provides a clear and concise explanation of the reason for which the personal information was obtained or compiled. 
  • The reason must be directly related to a government program or activity. 
  • The purpose may be stated in terms of the kinds of decisions that are made, based on the information 
Consistent Uses: 
  • Itemizes the potential or related uses for which the personal information may be used or disclosed. 
  • Uses must conform with the original purpose for which the information was collected - which might reasonably be considered to be related.
  • Must have a reasonable and direct connection to the original purpose(s)
  • State all consistent uses of the information. Data matching activities and disclosures should be listed under this heading.
  • If there are no Consistent Uses, please include a statement to that effect.
  • Note on Disclosure: There are circumstances under which personal information may be disclosed to third parties. If personal information is disclosed, state the third party involved. 
Retention and Disposal Standards: 
  • A timetable for the length of time records are maintained within the institution, (when the records are no longer required to meet operational, legal or other requirements) & when the RDA can be applied to the record holdings for final disposition)
  • Include the disposition action applied to the records when the retention period is reached, i.e. destroyed, alienated or transferred to National Archives of Canada as historical record. 
RDA Number: 
  • Records Disposition Authority number assigned by the National Archives of Canada.
  • RDA enables government institutions to dispose of records which no longer have operational utility. 
Related Program Number: 

Personal Information Banks must be cross-referenced to institutional Program Records (which are also described in Info Source: Sources of Federal Government Information). 
TBS Registration 

A unique number assigned by TBS once the PIB has been reviewed and approved by TBS. 
Bank Number: 

Unique number created by institution using:

  • institution's FIP acronym; 
  • Personal Information Bank Code (PPU - general public, etc.); 
  • institutional assigned reference number
Modified:  2004-11-26 Top of Page Important Notices