National Fine Recovery Program (NFRP)

Executive Summary

Introduction

The Public Prosecution Service of Canada (PPSC) is responsible for administering the recovery of outstanding federal fines under the terms of an assignment issued by the Attorney General of Canada in 2007.

The mandate of the National Fine Recovery Program (NFRP) is to enforce sentences by recovering outstanding court-ordered fines levied against individuals and companies convicted under federal statutes. Outstanding fines are recovered through various types of intervention such as private collection agencies, civil litigation measures, and set-off of income tax refunds and GST/HST credits through the Canada Revenue Agency.

Overview and Initiation of the Privacy Impact Assessment

NFRP is responsible for tracking and managing fines as they go into default. Personal information contained in prosecution files is recorded in the PPSC’s case management system, which allows NFRP to monitor fines as they become overdue for payment. The collection and use of this personal information are consistent with the purposes identified in the Personal Information Bank PPSC PPU 001.

The PPSC outsources a portion of fine recovery efforts to private collection agencies. This results in the disclosure of basic information by NFRP (i.e. name, date of birth, address, phone number, court file number, amount of fine, and court house address) to Canadian private sector organizations acting on behalf of the PPSC.

The PPSC has decided to change its recovery model to a hybrid approach. In addition to collection agencies, the NFRP now collects, discloses, and retains more information with various other partners such as credit bureaus and federal, provincial and territorial government departments. This represents a substantial modification to the NFRP’s activities and it was determined that a Privacy Impact Assessment (PIA) would be required to evaluate any risks to the personal information that is collected, disclosed, used, and retained as part of this process, as set out in the Treasury Board’s Directive on Privacy Impact Assessment.

Risk Area Identification and Categorization

The PIA has identified a series of privacy risks for the organization and included detailed mitigation strategies for each risk. These recommendations are part of an integrated privacy risk management approach designed to reduce the level of risk found within the operational environment.

The risks that were identified are mainly concentrated on the theme of Accountability and Safeguarding. Below is a high-level summary of the risks that have been identified in the PIA report and where the PPSC should:

Corporate Risks

Level of risk to privacy: HIGH
Level of risk to privacy: MODERATE

Program Risks

Level of risk to privacy: HIGH