Summary of the Astronaut Recruitment System (ARS) Privacy Impact Assessment

The Astronaut Recruitment System, herein referred to as the online application system, allowed those applying to the Canadian Space Agency's astronaut recruitment campaign to submit, via the Internet, personal information required for application. The entire recruitment campaign lasted approximately one year. However, the system was available on the Internet for only three months, through the Canadian Space Agency (CSA) Web site.

The online application system was developed to make the selection process more efficient. Its implementation eliminated the use of paper forms, which decreased manual data entry, reduced the time required to process and examine applications, and promoted electronic sorting by merit.

The major benefits of the online application system include:

  • more efficient and accurate application process, both in terms of initial filters in the face of large numbers of applicants and in terms of information storage and security throughout the process;
  • wider reach, given that applications can be filled out and submitted wherever the Internet is accessible; and
  • real-time production of processing feedback reports for CSA recruiters.

The personal information collected by the online application system is of the same quantity and type as that which the CSA would have collected via paper form had this application method been retained, and is typical of personal information collected by any employer for a job application. The Astronaut Recruitment System implementation project neither changes nor increases the amount of personal information collected, used or disclosed relative to a paper form.

A Privacy Impact Assessment (PIA) was conducted prior to the implementation of the online application system. The purpose of the assessment was to:

  • ensure that the implementation of the Astronaut Recruitment System considered all aspects of privacy of personal information in the system design;
  • assess the CSA's administrative processes directly related to the implementation of the online application system for compliance with the Privacy Act and the 10 privacy principles; and
  • identify privacy risks and recommend mitigating strategies and action plans in order to reduce these risks and minimize damage in the event of a breach.

The scope of the assessment was limited to the personal information collected for the online application system and the use of this information during and following the recruitment campaign. The assessment also included the application retention and disposition process of the Astronaut Recruitment System.

The Privacy Impact Assessment found that the online application system, CSA administrative processes, and information management procedures and policies regarding personal information were compliant with the Privacy Act, the 10 privacy principles for personal information and the Treasury Board Secretariat (TBS) Policy on Privacy Protection. Program personnel are trained and made aware of their responsibilities for the use, disclosure, and safeguarding of personal information.

The online application system architecture was designed to ensure security of applicants' personal information while in transit and where it is retained. Access to the system by internal CSA users will be controlled and limited to those who have received authorization following reliability clearance, have acquired the applicable recruiter qualifications and require personal information for administrative, logistical or programming purposes.

The notice of privacy and consent that prospective applicants must agree to before entering any personal information online follows TBS guidelines. It clearly defines a prospective applicant's privacy rights and describes how his or her personal information will be used.

Four privacy risks were identified and deemed low risk. These risks and corresponding mitigation action plans are:

1. Risk: With regard to storage of personal information used to select applicants, security is compromised by unauthorized access to this information by third parties.

Mitigation: All personal information is stored in CSA offices on servers located in the server room, which has restricted access.

2. Risk: With regard to the selection process and application forms, which contain personal information, security is compromised by unauthorized access to this information by third parties.

Mitigation: In order to minimize the risk of disclosing information or jeopardizing the integrity of information contained in the system database, the following mechanisms have been put in place:

  • Secure (encrypted) connections (HTTPS) between our servers and the applicants' computers are used.
  • Passwords must have a minimum of eight characters and contain numbers and letters.
  • Every time an application form is accessed via the Web, the event is logged (date, time and IP address).
  • Any changes made by applicants via the Web are logged (can track changes made since the creation of the file).
  • Various intrusion or attempted intrusion detection mechanisms, especially probes, have been implemented.
  • The CAPTCHA mechanism (image with characters that the applicants must retype) has been added when modifying a file via the Web to prevent hackers from programming scripts that guess passwords through automated attempts.
  • Every time a selection committee member accesses or makes changes to a file, the event is logged (e.g. an applicant is rejected because he or she incorrectly entered information on the application, and a selection committee member modifies it).
  • Hacking tests were conducted on the Web forms by the CSA information technology security officer. Any detected faults were corrected.
  • Technical support (call centre) employees have limited access to candidates' personal information, but have enhanced reliability clearance.

Personal information generated by the recruitment process after the recruitment system has been used will be retained in paper format in accordance with the current CSA information security policy.

3. Risk: The eight members of the close-knit team who process this personal information and the contractors retained for this purpose have limited knowledge of privacy requirements.

Mitigation: Along with the co-ordinator, the project leader and project manager will do what is necessary (access to information and protection of CSA personal information) in order to make the close-knit team members and the contractors aware of privacy requirements, in accordance with TBS guidelines. For the latter, a clause will be added to the contract regarding this matter.

4. Risk: The CSA information technologies staff, who develop, manage and maintain the systems and associated algorithms, modules and applications, possess enough knowledge to pose a risk of improper use of the ARS, whether knowingly or inadvertently.

Mitigation: The CSA Information Management Directorate recognized the need to introduce prerequisite privacy training for these individuals, in addition to requiring and obtaining security clearances of at least the secret level for all of them. Even among the technical staff, access to candidates' information will be restricted as much as possible. Only three employees in the database management group will have access to the information. Other access will be granted via system accounts, especially for the analyst who participated in the design of the system and must perform support tasks. All these employees have secret security clearance.

This Privacy Impact Assessment (PIA) was submitted to the Office of the Privacy Commissioner of Canada (OPCC), as required in section 7 of the TBS Privacy Impact Assessment Policy.

We have included below an excerpt from the OPCC review of this PIA:

  • We expect you to accept all the recommendations made by the OPCC with regard to the PIA analysis. We also expect that you will send us the Internet link to the PIA summary and make reference to our analysis on the Agency's Web site.

  • Moreover, we expect that you will retain the personal information of the candidates who applied in connection with the 2008 recruitment process for a period of two years following the disclosure of the selection process results. Although we might propose a different approach, the decision is yours to make, and we will respect it.

  • This marks the end of our PIA analysis, and we will therefore close the 2008 astronaut recruitment project file. We would like to thank you for your co-operation throughout the PIA process.