National Fine Recovery Program (NFRP)
The mandate of the National Fine Recovery Program (NFRP) is to enforce sentences by recovering outstanding court-ordered fines levied against individuals and companies convicted under federal statutes. Outstanding fines are recovered through various types of intervention, including an initial demand letter, telephone contacts, set-off of income tax refunds and GST/HST credits, payment negotiations, seizure of assets, registration of liens on property, and income garnishment.
The Public Prosecution Service of Canada (PPSC) is responsible for administering the NFRP under the terms of an assignment issued by the Attorney General of Canada in September 2007. In the context of the 2010 Strategic Review, a decision was made to outsource the majority of the collection work handled by the NFRP to a private collection agency. The recovery of fines by way of set-off against the offenders’ income tax refunds and GST/HST credits will not be included in the outsourced activities.
NFRP staff are responsible for tracking fines as they come into default. Personal information contained in prosecution files is recorded in the PPSC’s case management system which allows NFRP staff to monitor fine payments as well as the actions taken to collect fines. The collection and use of this information is consistent with the purposes identified in the Personal Information Bank PPSC REG 001.
The outsourcing of fine recovery activities to a collection agency will result in the disclosure by the NFRP of basic information (i.e. name, date of birth, address, phone number, court file number, amount of fine, and court house address) to a Canadian private sector organization acting on behalf of the NFRP.
Privacy Risk Management
The Privacy Impact Assessment (PIA) concludes that the NFRP is compliant and uses best practices in ensuring that Privacy Act requirements are met. The PIA has identified areas relating to outsourcing that will need to be addressed in the Statement of Work prior to the tendering and subsequent contract arrangement with the selected collection agency. The PIA recommendations are designed to mitigate privacy risks and focus on measures that should be considered for inclusion in contractual clauses to enhance privacy and security. Such measures include:
- Control and accountability
- Types of records or personal information affected by the contract
- Designation of individuals by the contractor for privacy/security compliance obligations
- Privacy and confidentiality agreements
- Contractor responsibility for employees, subcontractors and agents who act on its behalf in the performance of the functions under the contract
- Protection of personal information
- Segregation of information
- Threat and Risk Assessments
- Limitations on where the records and personal information may be processed, stored or maintained by the contractor
- Notification of privacy breaches
- Termination or expiry of the contract
- Date modified: