Advanced Passenger Information/Passenger Name Record Program
About the Program
The API/PNR program is designed to protect Canadians by enabling the CBSA to perform a risk assessment of travellers prior to their arrival in Canada.
Getting the Right Information at the Right Time
Information is a critical tool in the fight against terrorism, terrorism-related crimes and other serious crimes. Under Canadian law, commercial carriers are required to provide the CBSA with API/PNR data relating to all persons on board a conveyance bound for Canada. CBSA officers use this information to identify potential high-risk travellers prior to their arrival in Canada.
Protecting Personal Privacy
A Privacy Impact Assessment (PIA) was undertaken to address privacy issues in the API/PNR program. The Office of the Privacy Commissioner (OPC) reviewed the PIA and is satisfied that the most serious possible privacy risks have been or are in the process of being addressed. The CBSA has since informed the OPC of additional privacy measures the agency has implemented.
Safeguards to Personal Privacy
Passenger data provided to the CBSA by commercial carriers is protected under Canadian legislation.
Following a review of the PIA by the OPC, the CBSA implemented the following safeguards to mitigate possible privacy risks:
- Internal security access controls, audit functionality and a monitoring mechanism to review the use and sharing of API/PNR information were implemented;
- Strict guidelines governing the conditions under which information can be disclosed were developed;
- All information that is not required for border management purposes will be purged and completely unavailable for viewing, including information on meals and health;
- PNR data will be retained for a total of three years and six months; however, use and access will vary by length or retention throughout the period;
- For the first 72 hours, targeting and intelligence officers will use PNR data to assess the risk associated to travellers arriving in Canada;
- From 72 hours to two years, the name of the traveller will be blocked from view and intelligence and analyst officers will only use the information to analyze travel trends. The information can be re-identified with the traveller's name only when deemed necessary for intelligence investigation purposes;
- From 72 hours to two years, PNR data may be shared with outside agencies or third parties for no purposes other than border management if a warrant has been obtained;
- From two years up to a maximum of three and a half years, PNR data will only be kept on a depersonalized basis;
- During this same period, the data can only be re-personalized if authorized by the President of the CBSA. The PNR information will only be re-personalized where there are reasons to suspect that the name or identifying data elements are necessary to identify high-risk persons who pose a risk to the security of Canada;
- During this final period, PNR data can only be shared with agencies that have a national security or defence mandate; and
- The CBSA will apply due diligence to ensure that border management information is shared with other government officials only for the very limited public interest purposes expressly provided for in the law.