Archived: Message to Government of Canada employees regarding pay: July 21, 2016
We have archived this page and will not be updating it
You can use it for research or reference.
Thank you for your patience and understanding as we continue to address employee pay problems.
On Monday, I provided an update on the situation and announced additional actions to help employees who are having issues with their pay. I invite you to read my statement.
Recently, there have been media reports about privacy breaches related to Phoenix. I understand that employees may be concerned about this, and I want to assure you that we take the safeguarding of employee personal information very seriously. Any time we experience a privacy breach, we follow a systematic approach, in accordance with Treasury Board requirements, to assess and address causes and consequences.
We encountered two privacy breach situations during the testing and early implementation of Phoenix. The first situation occurred between March and July 2015, and the second between February and April 2016.
System adjustments and fixes were quickly implemented to prevent further breaches. Our Departmental Oversight Branch thoroughly reviewed these situations and determined that they posed low risk to employee privacy. There was no evidence that employee personal information ever left the hands of federal employees or government contractors. We also reported both of these instances to the Office of the Privacy Commissioner of Canada (OPC) for review.
The first of these two situations involved Personal Record Identifiers (PRI), employee names and pay amounts that were inadvertently used by IBM to test the system during the development phase of Phoenix. The OPC reviewed the case and determined that appropriate steps had been taken by Public Services and Procurement Canada to address the situation. This information was immediately deleted as soon as the issue was detected. In addition, the employee information consisted of scrambled data that would have required technical expertise and significant time to make it readable. The OPC agreed with the Department that the risk to individuals was very low and that no further action by the Department was required.
The second situation occurred shortly after the Phoenix system was launched. Several managers from four departments reported being able to access information of employees from other federal departments. Contrary to what has been reported in the media, this breach involved only the names and PRIs of employees. These access issues were addressed, and system fixes were put in place to prevent further problems. The OPC was also made aware of this situation.
Please note that we are addressing all pay issues as quickly as possible. I look forward to providing you with an update on our progress next week.
Marie Lemay, P.Eng., ing.
Deputy Minister
Public Services and Procurement Canada