Identifying and Marking Critical Infrastructure Management (CI/EM) Information Shared in Confidence with the Government of Canada

Guide for Private Sector Entities

Identifying and Marking Critical Infrastructure Management (CI/EM) Information Shared in Confidence with the Government of Canad PDF Version (35 KB)

1. Introduction

Unauthorized access to sensitive information about Canada's critical infrastructure can prove damaging to the private sector entities that share this information with the Government of Canada. For this reason, the Emergency Management Act (EMA) includes a consequential amendment to the Access to Information Act (ATIA) that allows the Government of Canada to protect from disclosure specific critical infrastructure / emergency management (CI/EM) information supplied in confidence to the government by third parties.

Private sector entities should note that the information they share in confidence with government institutions can be protected under the exemption for CI/EM information only if it is identified as such and appropriately marked by the third party that provides the information.

For more detailed information about the consequential amendment to the Access to Information Act to protect CI/EM information (i.e., paragraph 20(1)(b.1), please consult the publication Information Sharing and Protection under the Emergency Management Act. This is available from Critical Infrastructure Policy, Public Safety Canada.

The purpose of this Guide is to provide general guidance for private sector entities to help them identify sensitive CI/EM information and develop specific markings for this information when it is shared in confidence with the Government of Canada.

2. Applicability

The information in this Guide is applicable to private sector entities who voluntarily share in confidence specific critical infrastructure/emergency management information with Government of Canada departments and agencies.

3. Criteria the information must meet

To qualify for the exemption for CI/EM information in the Access to Information Act, i.e.,  paragraph 20(1)(b.1):

4. Marking CI/EM information provided in confidence to the Government of Canada

In order to indicate that the information is being provided in confidence, the third party should mark each page of the document(s) prior to transmittal. Adherence to standard marking will help ensure that the information is protected consistently by federal government institutions who receive such information from their private sector critical infrastructure partners.

Once a document is identified as containing CI/EM information provided in confidence to a federal government institution, it should be marked according to the following:

PROTECTED
CRITICAL INFRASTRUCTURE / EMERGENCY MANAGEMENT INFORMATION
PROVIDED IN CONFIDENCE TO
[name of federal department or agency]

The marking shown above (frame and format optional) should be placed on all pages or sections of the document that contain CI/EM information. A stamp or label may be used.

The marking should be located either at the top or bottom of each page consistently throughout the document.

The size, format and arrangement of the words may be modified to accommodate different situations but the wording should remain consistent.

The marking should also appear on the outside of any front or back cover, any binder cover or folder (front and back) and any title page.

5. Identifying specific CI/EM information shared in confidence

Private sector entities should review the documents they share in confidence with the Government of Canada to determine if the subject matter concerns the first of the criteria outlined above.

Some points to consider when determining what constitutes CI/EM information to be shared in confidence:

Examples of CI/EM information shared in confidence could include but not be limited to:

6. List of Access to Information Act exemptions

The following is a list of exemptions in the Access to Information Act (ATIA) that allow government institutions to refuse to disclose information that is under their control.  For more detailed information about these exemptions please consult the ATIA (available on-line at www.infocom.gc.ca) or your legal counsel.

7. Purpose of sharing CI/EM information with the Government of Canada

Sharing CI/EM information between the federal government and the private sector is essential to the Government's role in providing national leadership in emergency management and critical infrastructure protection. Assessing threats and vulnerabilities, improving warning and reporting capabilities, analyzing attacks to develop better defences and responses, are the primary goals of sharing CI/EM information under the authority of the EMA.

8. Transmitting CI/EM information shared in confidence with the Government of Canada

CI/EM information provided in confidence to the Government of Canada should be transmitted in hard copy by secure, trackable methods such as express, certified or registered mail or commercial courier service. In electronic format, the information should be transmitted in a protected format, such as a locked PDF file or password protected document with the password provided under separate cover, or using an encryption method agreed upon with the information sharing partner.

9. Contact information

For additional information about any aspect of this Guide, please contact:

Director
Critical Infrastructure Policy
Public Safety Canada
269 Laurier Avenue West
Ottawa, Ontario
Canada K1A 0P8
(613) 991-3583

Date modified: