Language selection


Aquatic Invasive Species Program

Title of the PIA

Privacy Impact Assessment of Aquatic Invasive Species (AIS) 

Government institution

Fisheries and Oceans Canada (DFO)

Head of DFO or delegate for section 10 of the Privacy Act

Marlene Fournier, A/Director, ATIP

Senior official or executive for the new or substantially modified program or activity

Nicholas Winfield, DG, Ecosystems Management

Name and description of the program or activity of the government institution

The sub-program 2.2.3 Aquatic Invasive Species is described in the 2016-17 Report on Plans and Priorities as the following:

The Aquatic Invasive Species program aims to prevent the introduction of aquatic invasive species (AIS) into Canadian waters, to manage selected existing populations of AIS and to provide fisheries managers with information and tools to address AIS. Activities performed by the program include: early detection, response, and management of AIS and the administration of the Aquatic Invasive Species Regulations. The program works with federal, provincial and territorial partners to coordinate AIS issues and to administer and enforce AIS legislation. The program also works with government authorities in Canada and the United States and with non-governmental organizations to manage the threat of AIS through ongoing scientific studies (e.g. research on pathways of invasion, methodologies to detect new invasions), risk assessments and control measures. Information related to AIS, their prevention and management is provided to Canadians.

Legal authority

The legal authority for AIS sub-program is subsections 34(2), 36(5) and 43(1) to (4) of the Fisheries Act, the Aquatic Invasive Species Regulations, in general, and subsection 52 of the Fishery (General) Regulations.

Personal Information Bank

The AIS sub-program involves modifications to the existing PIBs - Licence to Fish for Scientific, Experimental, Educational or Public Display Purposes, and Violations under Canadian Fisheries and Fish Habitat Legislation.

Short description of the project, initiative or change

Aquatic invasive species (AIS) are aquatic organisms, when introduced outside of its natural environment, out-compete native species. In Canada, there are hundreds of invasive species that generally share common characteristics including high rates of reproduction, few natural predators, and the ability to thrive in different environments. These characteristics make AIS difficult to control, and can result in devastating changes to natural habitat rendering it inhospitable for native species.

In an effort to address this problem, Fisheries and Oceans Canada developed new federal regulations to manage and control aquatic invasive species in Canada. Following a series of policy consultations with stakeholders and governments across Canada, the proposed regulations were pre-published in the Canada Gazette, for a 30-day public comment period. Comments were received from individuals and groups, including the hydro-electric industry, the shipping industry, conservation organizations, and the general public. All of these comments were considered, revisions were made where needed, and the final Aquatic Invasive Species Regulations were published in the Canada Gazette, Part II, on June 17th, 2015.

The objective of the Aquatic Invasive Species Regulations is to provide a full suite of regulatory tools under the federal Fisheries Act to prevent the introduction of aquatic invasive species (AIS) into Canadian waters and to control and manage their establishment and spread, once introduced. The Regulations complement existing federal and provincial authorities and bridge gaps within these frameworks to enable a broad range of AIS management activities.

These new Regulations build on the existing legal and institutional frameworks in Canada. The existing framework is often characterized as a "patchwork" regulatory system owing to the use of a myriad of authorities and/or mandates held by federal departments and agencies or provincial and territorial governments that may be applied directly or indirectly to address concerns related to AIS.

Fisheries and Oceans Canada is dedicated to ensuring that the Regulations will not unduly restrict activities that benefit our economy, environment or society. Therefore, prior to regulating any additional aquatic species under these Regulations, the Department will consider biological and socio-economic risk assessments of species intended for listing. Assessing the biological and socio-economic threat posed by potential AIS allows decision makers to make an informed decision whether a species should be listed or not.

In addition, the Regulations aim to accommodate local issues related to AIS, while providing a national framework for managing and controlling AIS in Canada.

Risk area identification and categorization

The following section contains risks identified in the PIA for Aquatic Invasive Species.

Type of program or activity

Compliance or regulatory investigations and enforcement - Personal information is used for purposes of detecting fraud or investigating possible abuses within programs where the consequences are administrative rather than criminal in nature. Decisions may lead to penal charges.

Level of risk to privacy: Medium

Type of personal information involved and context

In the case of a violation of the AIS Regulations, the personal information collected may be sensitive and include allegations or suspicions.

Level of risk to privacy: High

Program or activity partners and private sector involvement

There is involvement with other institutions which may include federal, provincial/territorial, and/or municipal governments.

Level of risk to privacy: Medium

Duration of the program or activity

Aquatic Invasive Species is planned to be a long term program.

Level of risk to privacy: High

Program population

The use of personal information is for both internal and external administrative purposes, and affects certain individuals.

Level of risk to privacy: Medium

Technology & privacy

Does the new or substantially modified program or activity involve implementation of a new electronic system or the use of a new application or software, including collaborative software (or groupware), to support the program or activity in terms of the creation, collection or handling of personal information?


Does the new or substantially modified program or activity require any modifications to information technology (IT) legacy systems?


Does the new or substantially modified program or activity involve implementation of new technologies or one or more of the following activities enhanced identification methods, surveillance, or automated personal information analysis, personal information matching and knowledge discovery techniques?


Overall risk to privacy: Low

Personal information transmission

Personal information is transferred to a portable device (i.e. USB key, diskette or laptop computer), transferred to a different medium or is printed.

Level of risk to privacy: Medium

Risk impact to the individual or employee in the event of a privacy breach

The privacy impact on individuals in the event of a data breach at DFO is low for the licensing component of AIS Control. The information collected is limited to non-sensitive personal information, and is provided by individuals directly with their knowledge and consent. However, the privacy impacts on the individual are higher where personal information gathered by DFO is used for enforcing the regulations.

Level of risk to privacy: Medium

Date modified: