Privacy Impact Assessment on the Green and Inclusive Community Buildings (GICB) Program

Title of the PIA

Privacy Impact Assessment on the Green and Inclusive Community Buildings (GICB) Program

Government Institution

Infrastructure Canada (INFC)

Head of INFC or Delegate for Section 10 of the Privacy Act

Melanie Davis, Director, ATIP and Executive Correspondence

Senior Official or Executive for the New or Substantially Modified Program or Activity

Bogdan Makuc, Director, Green and Inclusive Community Buildings Program

Name and Description of the Program or Activity of the Government Institution

Green and Inclusive Community Buildings (GICB) Program

Legal Authority

The legal authority for the collection of personal information is Order in Council P.C. 2004-0325.

Personal Information Bank

There is currently no registered personal information bank for GICB. However, there is a class of personal information – Grant and Contribution Programs.

Short Description of the Project, Initiative or Change

The Green and Inclusive Community Buildings (GICB) program aims to build more community buildings and improve existing ones – in particular in areas with populations experiencing higher needs – while also making the buildings more energy efficient, lower carbon, more resilient, and higher performing. This five-year $1.5 billion program will support green and accessible retrofits, repairs or upgrades of existing public community buildings and the construction of new publicly-accessible community buildings that serve high-needs, underserved communities across Canada.

The GICB program supports the first pillar of the Strengthened Climate Plan by making it easier for Canadians to improve the places in which they live and gather, by cutting pollution (e.g. reducing GHG emissions, increasing energy efficiency, building resiliency to climate change and encouraging new builds to net zero standards), making life more affordable and supporting thousands of good jobs.

Funding is available for municipal or regional governments, public sector bodies, not-for-profit organizations, provincial or territorial governments and Indigenous recipients for eligible projects. Individuals and for-profit organizations are not eligible to apply.

Risk Area Identification and Categorization

The following section contains risks identified in the PIA for the new or modified program. The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area.

Type of Program or Activity

Program or activity that does not involve a decision about an identifiable individual.

Level of risk to privacy: 1

Type of Personal Information Involved and Context

Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program.

Level of risk to privacy: 1

Program or Activity Partners and Private Sector Involvement

Within the institution (among one or more programs within the same institution), with other government institutions, with other institutions or a combination of federal, provincial or territorial, and municipal governments and private sector organizations.

Level of risk to privacy: 4

Duration of the Program or Activity

Long‑term program or activity

Level of risk to privacy: 3

Program Population

Personal information is collected from individuals outside INFC. However, it is not used for an administrative purpose, but it is placed in a database and retrievable by name.

Level of risk to privacy: 1

Technology and Privacy

The program involves implementation of a new electronic system or the use of a new application or software, including collaborative software (or groupware), to support the program or activity in terms of the creation, collection or handling of personal information.  The program also requires modifications to information technology (IT) legacy systems.

Level of risk to privacy: 3

Personal Information Transmission

The personal information is transmitted using wireless technologies.

Level of risk to privacy: 4

Risk Impact to the Individual or Employee in the Event of a Privacy Breach

Inconvenience, reputation harm, embarrassment

Level of risk to privacy: 2