National Interest Exemption Program (NIEP)

Overview & PIA Initiation

Government Institution
Transport Canada (TC)

Government official responsible for the PIA
Benoit Turcotte
A/Director General, COVID Response and Recovery
Transport Canada

Head of the government institution or Delegate for section 10 of the Privacy Act
Brigitte Parent, Director
Directorate Access to Information and Privacy

Standard or institution specific class of record:
National Interest Exemption Program, TC NIE 001

Standard or institution specific personal information bank:
National Interest Exemption Program, TC PPU 056

The PIB is pending Treasury Board Secretariat approval and registration

Legislated authority for activity:
Personal information is collected and used pursuant to ss. 5.9(2) of the Aeronautics Act, ss. 10(2) of the Canada Shipping Act, and s. 32.01 of the Railway Safety Act.

Summary of the project / initiative/ change:

The National Interest Exemption Program (NIEP) was launched in November 2021 and suspended in June 2022. When active, the NIEP allowed individuals who were not fully vaccinated from COVID-19 to seek a national interest exemption to the vaccination mandate on federally regulated modes of travel – air, rail, and marine.

In August 2021, the Government of Canada announced a COVID-19 vaccination mandate for workers and passengers in federally regulated air, rail, and marine sectors of Canada’s transportation system by November 30, 2021. That is, beginning on November 30, 2021, all air, rail, and marine travelers were required to be fully vaccinated to travel in and departing Canada, with very limited exceptions. The orders that mandate vaccinations are listed below:

  1. Ministerial Interim Order Respective Certain Requirements for Civil Aviation Due to COVID-19;
  2. Ministerial Order (Rail) Pursuant to s. 32.01 of the Railway Safety Act – Vaccination Mandate for Passengers; and
  3. Ministerial Interim Order Respecting Vessel Restrictions and Vaccination Requirements Due to the Coronavirus Disease 2019 (COVID-19).

These Ministerial Orders required air, rail, and marine carriers to provide exceptions from the requirement to be fully vaccinated in very limited circumstances, namely if the person has either not completed a COVID-19 vaccination regime due to a medical inability, the person's sincerely held religious beliefs, or the travel is required to receive essential medical services or treatment. In addition to these exemptions managed by the carriers, TC introduced the NIEP in November 2021, which allowed individuals to seek exemption, when no other exemption was available, and if the travel was in the national interest.

Individuals who sought a NIE from the vaccination mandates applied directly to TC. If approved, TC issued an approval letter which the individual submitted to the carrier (e.g. Air Canada) upon making a reservation and/or at check-in. Presentation of the NIE letters may also have been required by other stakeholders such as the Canadian Air Transport Security Authority (CATSA).

The NIE approval allowed for the exemption of certain passengers from the vaccination requirements set out in the aforementioned Ministerial Orders. A NIE did not exempt passengers from other requirements identified in the Orders, such as the need to provide proof of an accepted negative COVID-19 test, to wear a mark, quarantine, or any requirements imposed by provincial, territorial or municipal governments. It is limited to the vaccination requirements related to boarding a flight, train, or vessel.

This PIA assessed the NIEP business process, procedures, and personal information collection, use, disclosure, and retention practices. As a result of the PIA, risks were identified and assessed by Transport Canada senior management. After thorough analysis, Transport Canada developed a fulsome risk mitigation plan to aggressively address the risks and recommendations. The resulting Action Plan has appropriate timelines assigned to each risk mitigation activity which is commensurate with the assigned risk level.

Risk Area Identification and Categorization

In its Directive on Privacy Impact Assessment, TBS has expressed that the PIA must include a completed risk identification and categorization section and make public those risk ratings. A risk rating must be assigned to each risk areas named and described in Appendix C of the Directive on Privacy Impact Assessment. The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area. For this PIA the risk areas and associated risk levels are as follows:

Risk Area

Risk Level

Type of Program or Activity
Administration of Programs / Activity and Services
Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc.)

2

Type of Personal Involved and Context
Social Insurance Number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.

For example: personal information which, when taken together with other information, reveals information on the health, financial situation, religious or lifestyle choices of the individual

3

Program or Activity Partners and Privacy Sector Involvement
With other federal institutions

2

Duration of the Program
Short–term program
A program or an activity that supports a short-term goal with an established “sunset

2

Program Population
The program affects certain individuals for external administrative purposes.

3

Technology and Privacy
The deployment of the NIEP resulted in the deployment of a dedicated system to store and process application data. It also resulted in the deployment of a front end webform which was used by applicants to initially apply for a NIE.

There were some data matching activities that had to be performed. Often that involved ensuring appropriate information was sent to the correct person, but also the Department validated NIE letters with requesting air and rail carriers.

Information Transmission
The personal information is used in a system that has connections to at least one other system.

The program or activity involves one or more connections to the Internet, Intranet or any other system. Circulation of hardcopy documents is not controlled.

2

In the Event of a Privacy Breach Impacting the Individual
In the event of a privacy breach, the impact to an individual could have minor reputational effects. Applicants were individuals who were not fully vaccinated, therefore, some reputational harm/criticism could occur in the event of a privacy breach. Furthermore, in rare instances employment details were collected such as business arrangements, intent of work travel, and business contracts. Outside of this information, the NIEP’s collection of personal information was normally limited to contact information, travel data (at the time), and narrative text justifying the NIE – all of which is not categorized as highly sensitive personal information which would be result in the individual being adversely impacted if a breach were to occur.