Privacy impact assessment – Njoyn e-recruiting and applicant tracking system
This privacy impact assessment (PIA) assesses Njoyn, a bilingual e-recruiting and applicant tracking system (ATS) operated by CGI Payroll Services Centre Inc. that supports the CNSC’s human resources function. E-recruiting uses an external website that allows candidates to apply for positions posted by clients; this is not a new activity for the CNSC or the Government of Canada.
Njoyn streamlines and automates a three-step recruitment and hiring process: hiring management, résumé management and process management. It assists the CNSC in recruiting and posting jobs both internally and externally, while also providing the resourcing unit and hiring managers with candidate information. Njoyn offers job searches, allows for monitoring and managing the recruitment process, and provides reporting capabilities.
Operational information collected in the context of this initiative is described in standard Class of Records, Recruitment and Staffing PRN 920. Personal information collected in the context of this initiative is described in standard Personal Information Bank, Staffing PSE 902.
Legal authority for program or activity: Nuclear Safety and Control Act, section 16(1).
Risk area identification and categorization
Type of program or activity
Personal information is used to make decisions that directly affect the individuals (including CNSC employees) who are applying for current CNSC employment opportunities and being considered for future career opportunities.
Level of risk to privacy – 2
Type of personal information involved and context
Personal information is collected directly from the individual and relates to the authorized staffing and recruitment activity.
Level of risk to privacy – 1
Program partners and private-sector involvement
This activity is related to more than one CNSC program. CGI Payroll Services Centre Inc. delivers the application through Njoyn.
Level of risk to privacy – 4
Duration of the program or activity
This is intended as a long-term initiative.
Level of risk to privacy – 4
Program population
This initiative will affect individuals who use the online ATS. These individuals include CNSC employees seeking new opportunities within the CNSC, as well as people from the private sector who submit applications to the CNSC.
Level of risk to privacy – 3
Technology and privacy
A. Does the new or modified program or activity involve the implementation of a new electronic system, software or application program, including collaborative software (or groupware), to support the program or activity with the creation, collection or handling of personal information?
Risk to privacy – Yes
B. Is the new or modified program or activity a modification of IT legacy systems and/or services?
Risk to privacy – No
C. Enhanced identification methods: This includes biometric technology, such as facial recognition, gait analysis, iris scan, fingerprint analysis, voice print and radio frequency identification (RFID). It also includes easy pass technology and new identification cards, including magnetic stripe cards and smart cards (i.e., identification cards with an embedded antenna, or a contact pad connected to a microprocessor and a memory chip or connected only to a memory chip with non-programmable logic).
Risk to privacy – No
D. Use of surveillance: This includes surveillance technologies, such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance/interception and computer-aided monitoring, including audit trails and satellite surveillance.
Risk to privacy – No
E. Use of automated personal information analysis, personal information matching and knowledge discovery techniques: For the purposes of the Directive on Privacy Impact Assessment, government institutions are to identify activities’ use of automated technology to analyze, create, compare, cull, identify or extract personal information elements. Such activities include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends and patterns or to predict behaviour.
Risk to privacy – No
Personal information transmission
Information is transmitted using wireless technologies, as this is a web-based system.
Level of risk to privacy – 4
Risk impact in the event of a breach
In the event of a breach, there could be reputational harm to the CNSC and to individuals whose information is housed in the system.
Level of risk to privacy – 2
Delegated authority
Government official responsible for privacy impact assessment:
Louise Youdale
Director General, Human Resources Directorate
Head of the government institution / delegate for section 10 of the Privacy Act:
Phil Dubuc
Senior Access to Information and Privacy Advisor