National Digital Forensics Program

Government institution

Royal Canadian Mounted Police

Head of the government institution or delegate for section 10 of the Privacy Act

Danielle Golden, Director of Privacy, Access to Information and Privacy Branch

Senior official or executive responsible for the Privacy Impact Assessment

Superintendent Nicolas Gagné Acting Director General, Technical Investigation Services/Specialized Policing Services.

Name and description of the program or activity of the government institution

National Digital Forensics Program

Legal authority for the program or activity

Section 18 of the Royal Canadian Mounted Police Act

Paragraph 14(1)(a) of the Royal Canadian Mounted Police Regulations

Standard or institution specific personal information bank

Operational Case Records, RCMP PPU 005

Criminal Operations Intelligence Records, RCMP PPU 015

National Security Investigations Records, RCMP PPU 025

Description of the project, initiative or change

The use of electronic devices has become part of our daily lives. Using these devices to store data created new opportunities for criminal activity which means that criminals are likely to leave a digital trail of evidence. Police can extract data stored on digital devices, however, protections like end-to-end encryption are often used to make data extractions unreadable and useless to investigators. The data is critical for law enforcement to ensure Canada's safety and security. Digital technology has evolved, but so have the tools and techniques used by police. This has driven the RCMP's National Digital Forensics Program.

Authorities for police to seize and collect evidence are recognized in the courts. The RCMP National Digital Forensics Program's mandate is to implement lawful technological techniques using Digital Forensics Access Tools to search and seize digital data from electronic devices.

Depending on the hardware, software and network configurations of the lawfully seized devices, different digital forensic tools and techniques may be used to access them. This class of tools are generally referred to as Digital Forensics Access Tools.

Purpose and scope of the privacy impact assessment

The privacy impact assessment ensures that:

  • The RCMP's use of Digital Forensics Access tools meets its legal obligations under the Privacy Act;
  • The privacy risks with the use and collection of personal information are managed effectively;
  • Public misconceptions about the RCMP's digital forensics activities are identified and addressed.

Privacy analysis

Privacy impacts associated with the collection, use, disclosure and retention of personal information using commercial digital forensics access tools are expected to be low. Associated risks identified in the assessment process are expected to be even lower once fully adopted. Potential impacts on the privacy of individuals will be managed through appropriate legal, policy and technical measures geared at protect personal information.

The RCMP does not use Digital Forensics Access tools to spy on or keep tabs on Canadians. The RCMP's National Digital Forensics Program's role is to support investigations through extracting digital data from personal electronic devices, with a warrant or lawful authority, and in compliance with the Canadian Charter of Rights and Freedoms.

Risk area identification and categorization

Given the mandate of the National Digital Forensics Program, for some of the categories listed below, the level of risk is elevated on the Treasury Board of Canada Secretariat risk scale. However, recommendations from the privacy impact assessment process, once fully adopted, are expected to reduce those risks to an acceptable level.

A) Type of program or activity

Personal information is extracted from electronic devices and processed in accordance with judicial authorizations. Information is filtered by the terms and conditions of the authorization. The legally obtained information is not retained by the digital forensics units. It is provided to the investigators and may be used for investigations and enforcement in a criminal context. For example, decisions can result in criminal charges, sanctions or removal orders for reasons of national security or criminal enforcement.

Level of risk to privacy: Elevated risk

B) Type of personal information involved and context

Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive.

National Digital Forensics Program

Level of risk to privacy: Elevated risk

C) Program or activity partners and private sector involvement

RCMP digital forensics activities are authorized by the RCMP when support requests from international partners come through Global Affairs Canada. Deployment assessments are done under Ministerial Directive. There are no restrictions on sharing digital data/information acquired through Digital Forensics Services (DFS) analysis. Any information (including personal information) extracted and processed remains within the supported international partner.

DFS does not determine if Canadian personal information was extracted. RCMP Digital Forensics Examiner's work is conducted strictly to support the international partner requesting assistance. Everything is done with Canadian judicial authorization from the appropriate Canadian government agency. Private sector or international organizations wanting RCMP DFS services, require judicial authorization and must make the request through the proper government or police agency.

Level of risk to privacy: Moderate Risk

D) Duration of the program or activity

Long-term program or activity

Level of risk to privacy: Moderate Risk

E) Program population

The program does not use personal information for external administrative purposes.

Level of risk to privacy: Moderate Risk

F) Technology and privacy

  1. Does the new or substantially modified program or activity involve implementation of a new electronic system or the use of a new application or software, including collaborative software (or groupware), to support the program or activity in terms of the creation, collection or handling of personal information?

    Risk to privacy: No

  2. Does the new or substantially modified program or activity require any modifications to information technology legacy systems?

    Risk to privacy: No

  3. Does the new or substantially modified program or activity involve implementation of new technologies or one or more of the following activities:
    • Enhanced identification methods;

      Risk to privacy: No

    • Surveillance;

      Risk to privacy: No

    • Automated personal information analysis, personal information matching and knowledge discovery techniques?

      Risk to privacy: No

  4. Level of risk to privacy: Low risk

G) Personal information transmission

Information extracted with the RCMP using Digital Forensics Access tools are not shared or transmitted between groups internally. A portion of the extracted information will be shared with investigators in accordance with the terms and conditions of a judicial authorization. The transmission of that data will be done through secured network, or through the use of encrypted portable storage devices, which are subject to strict rules and policies.

Level of risk to privacy: Moderate risk

H) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee

A privacy breach during DFS operations could be damaging to the subject of a police investigation or an individual who is incidental to the investigation. Various types of judicial authorizations are granted to support the DFS' digital data seizure efforts. Authorizations define what the court has deemed appropriate information to extract for the investigation and how it can be extracted. Electronic devices contain countless amounts of digital data (which may contain personal information). Law enforcement is only entitled to disclose the information specified in the warrant.

The risk of a breach is minimal given the security measures put in place by the RCMP. Given the nature of the data extracted by DFS, a possible breach could result in serious injury to the individual. The RCMP and the divisional DFS units recognize the need to maintain the integrity of seized data, not only for continuity and admissibility in court, but also to minimize potential impacts to an individual's privacy. To that end, the National Digital Forensics Program manages the extracted information in accordance with RCMP and Government of Canada policies for Protected B information.

Level of risk to privacy: Moderate risk

Top of page
Date modified: