The Advance Passenger Information (API)/Passenger Name Record (PNR) program was implemented in October 2002, mandating the collection of prescribed information from commercial air carriers to identify persons who are or who may be involved with terrorism or terrorism-related crimes or other serious crimes, including organized crime, that are transnational in nature. From 2003 to 2004, the Canada Border Services Agency (CBSA) phased in the High-Risk Traveller Identification (HRTI) Initiative jointly with the US Customs and Border Protection (US CBP) to extend the API/PNR program to identify high-risk air travellers.
In 2010, following an extensive effectiveness review, the CBSA implemented a long-term solution using a scenario-based targeting methodology within CBSA’s Passenger Information System (PAXIS). Scenario-Based Targeting (SBT) is aligned with the Government of Canada’s commitments under the Beyond the Border Action Plan to address threats earlier to enhance our security and facilitate the flow of legitimate goods and people. The initiative is an important part of the Declaration on a Shared Vision for Perimeter Security and Economic Competitiveness, negotiated between Canada and the United States (US) in 2011, whereby both countries committed to implementing a harmonized methodology for the screening of all international travellers.
SBT assesses each traveller against scenarios representing a specific combination of risk. The criteria and data elements for each scenario are derived from analyzing historical enforcement, tactical and operational information. SBT is a more flexible tool to respond to the evolving world of global threats, and offers more governance and performance measurement opportunities than risk scoring under the HRTI. Scenarios do not generate a cumulative score like the risk scoring methodology; rather, when a traveller’s information matches all the criteria of a scenario, they are considered to be a potential risk requiring review by a targeting officer.
Scenarios fall under three categories: national security, illicit migration and contraband. SBT directs CBSA’s focus towards a smaller segment of the travelling population who represent a potential high-risk via API and PNR, enforcement trends and intelligence information. SBT enables a greater flexibility than the risk scoring approach. It is possible to create, modify or delete a scenario from PAXIS in near real time to support new, evolving or expired risk threats.
Further to a recommendation by the Office of the Privacy Commissioner, the CBSA established the Scenario Based Targeting Governance Framework and addressed the requirement for a documented scenario review process to assess potential impacts on privacy, civil liberties and human rights. The governance surrounding SBT includes two working-level committees that leverage the existing organizational framework to ensure it is effectively and efficiently managed and complies with international agreements, legislative and regulatory requirements.
SBT is subject to the Customs Act sections 7.1 and 107.1, the Immigration and Refugee Protection Act (IRPA) paragraph 148(1)(d) and section 149, the Immigration and Refugee Protection Regulations (IRPR) section 269, the Passenger Information (Customs) Regulations (PICR), and the Protection of Passenger Information Regulations (PPIR). Further administrative guidance is offered in Memorandum D1-16-3 - Administrative Guidelines for the Provision to Others, Allowing Access to Others and Use of Advance Passenger Information (API) and Passenger Name Record (PNR) Data.
Right of Access
Canadian travellers are able to request a copy of their API/PNR data received by the CBSA from commercial air carriers, pursuant to the Privacy Act.
All travellers, regardless of their citizenship or presence in Canada, may informally request their API/PNR data or request a correction to erroneous data by completing the Traveller’s API/PNR Information Request Form, which is available on the CBSA’s website, and mailing it to the CBSA. The CBSA will forward a written response to the traveller generally within 30 days of receipt of the request.
If a traveller has concerns about the collection, use, disclosure or retention of their personal information, they may issue a complaint to the Office of the Privacy Commissioner of Canada who is mandated to investigate. Complaints should be made in writing, and include the traveller’s name, contact information, and a brief description of their concerns. Details of the complaint process can be found on the Privacy Commissioner’s Website.
- Date modified: