Business Risk Management Suite Delivery Modules

Introduction

Ministers of Agriculture from across the country have agreed to Growing Forward, a market-driven vision for Canada's agriculture, agri-food and agri-based products industry in every region of the country. For producers, this means a new suite of business risk management systems to deliver new programs to help producers manage the risks of doing business.

The Business Risk Management Suite (BRMS) Delivery Modules consists of several frameworks or modules that can be used together in order to create a program delivery application. For each new program, Agriculture and Agri-Food Canada (AAFC) determines which modules are required to deliver the new program and configures the modules based on the business rules and requirements of the program (e.g. program parameters). The modules and configurations represent a program delivery application (i.e. an instance of the system) that supports the administration and delivery of the program.

BRMS was used in the delivery of AgriInvest Kickstart and the Cost of Production (COP) programs and is currently used in the delivery of the AgriInvest and AgriStability programs. A separate instance of BRMS is used currently as a data repository for client information collected by AAFC's Farm Income Programs Directorate (FIPD) as well. All three instances of BRMS currently in use have improved privacy controls over the systems previously used to deliver farm programs by FIPD.

Objective

As the BRMS Delivery Modules involve the collection and management of personal information, a Privacy Impact Assessment (PIA) was conducted to determine if there were any privacy risks, and if so, to make recommendations for their resolution or mitigation.

Description

The scope of the PIA was restricted to the proposed design of the BRMS Delivery Modules to be built for delivery of the new BRM programming. The PIA focused on the privacy impacts related to the BRMS Delivery Modules and not the actual farm programs that use the systems.

Conclusion

As a result of the PIA, measures have been determined to mitigate any risks associated with the collection of personal information. These include: strengthening agreements, limiting the collection, access and use of personal information and instructing staff in the privacy, safeguarding and management of personal information.