Note
Issued also in French under title: Vérification de certains bases de données opérationnelles de la GRC : rapport de vérification de la commissaire à la protection de la vie privée du Canada : article 37 de la Loi sur la protection des renseignements personnels : rapport final.
Reproduction of the version available on the OPC website (https://www.priv.gc.ca/index_e.asp).
Résumé
"Canada’s law enforcement and criminal justice community relies upon an extensive network of database systems to help enforce laws, prevent and investigate crime, and maintain peace, order and security. As Canada’s national police service, the Royal Canadian Mounted Police (RCMP) has provided leadership in identifying needs and developing information systems and related services and making them available to the broader community. Due to their importance and extensive use by the RCMP and other members of the larger law enforcement community, [the] audit focused on two of these systems: the Canadian Police Information Centre (CPIC) and the Police Reporting and Occurrence System (PROS). CPIC provides computerized storage and retrieval of information on crimes and criminals. PROS is the RCMP’s primary operational records management system. The audit examined RCMP policies and procedures governing the access and use of CPIC, the policies and procedures to remove personal information contained in PROS that is no longer required, the RCMP’s review practices for compliance with the terms and conditions of use for both CPIC and PROS, and the management of user access to PROS."--Page 3.
Contenu
1. Main points --
1.1. What we examined --
1.2. Why this issue is important --
1.3. What we found --
2. Introduction --
2.1. Background --
2.2. Focus of the audit --
3. Observations and recommendations --
3.1. Canadian Police Information Centre (CPIC) --
3.1.1. Policies and procedures to protect the personal information accessed from CPIC are well established --
3.1.2. A monitoring regime is in place to govern proper use --
3.2. Police Reporting and Occurrence System (PROS) --
3.2.1. Personal information is being retained longer than required --
3.2.2. There is no active review of user accounts --
3.2.3. Compliance with policies governing use of personal information is not systematically reviewed --
4. Conclusion --
5. About the audit --
Appendix. List of recommendations.