Privacy Impact Assessment (PIA) Executive Summary

Archived - Scenario Based Targeting

Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

The Scenario Based Targeting (SBT) initiative is aligned with the Canada Border Services Agency’s (CBSA) border vision and the Government of Canada’s commitments under the Beyond the Border Action Plan to address threats earlier to enhance our security and accelerate the flow of legitimate goods and people. This initiative is an important part of the Beyond the Border declaration, negotiated between Canada and the United States (U.S.) in 2011, whereby Canada committed to implementing a harmonized methodology for the screening of all travellers.

The Canada Customs and Revenue Agency implemented the Advance Passenger Information (API) / Passenger Name Record (PNR) program in October 2002, mandating the collection of prescribed information from commercial air carriers to identify persons who are or who may be involved with terrorism or terrorism-related crimes or other serious crimes, including organized crime, that are transnational in nature. In 2003 and 2004, the CBSA established the High-Risk Traveller Identification Initiative (HRTI) jointly with the United States Customs and Border Protection (U.S. CBP) to extend the API/PNR program to identify high-risk air travellers. Both parties agreed to implement a risk scoring methodology within their automated passenger systems to conduct risk assessment of unknown high-risk air passengers flying into their respective countries.

After an extensive analysis of the risk scoring methodology and the continued commitment to comply with agreements made with the U.S. CBP, the CBSA undertook the replacement of risk scoring functionality with scenario based rules functionality on a limited basis. In January 2010, the Executive Policy Committee approved the implementation of a long-term solution for SBT within the Passenger Information System (PAXIS).

SBT-related enhancements to PAXIS will increase the efficiency, effectiveness and accuracy of the targeting officer’s otherwise manual and labour-intensive work, and thereby help facilitate the more efficient movement of legitimate people while safeguarding the border and the security of Canada. The enhancements also dramatically reduce scenario deployment times and costs enabling the CBSA to respond to imminent threats.

The scope of the SBT project is to make changes to PAXIS, which previously used a risk scoring methodology, to accommodate a scenario-based methodology to enhance the processes which identify suspected high-risk travellers in the air mode. SBT will more effectively direct the focus on a smaller segment of the travelling population who represent a potential high risk.

The SBT project and methodology is subject to the Customs Act, sections 7.1, and 107.1, the Immigration and Refugee Protection Act, paragraphs 148(1)(d) and 149, the Immigration and Refugee Protection Regulations, section 269, and the Passenger Information (Customs) Regulations, Protection of Passenger Information Regulations.

The Pre-Border Programs Directorate of the CBSA is undertaking the replacement of risk scoring functionality with scenario based rules functionality using API/PNR information that is processed and maintained in PAXIS. The scope of this Privacy Impact Assessment (PIA) is limited to assessing privacy risks associated with the deployment of the SBT methodology.

This PIA is an appendix to the overarching API/PNR Program PIA along with the High-Risk Traveller Identification Initiative (HRTI) PIA.

This PIA report identified one minor privacy risk related to the API/PNR Program Personal Information Bank (PIB) in the manner in which it currently reflects risk scoring, rather than SBT methodology, and does not fully reflect statutory authorities for use of the personal information. This risk will be mitigated or eliminated when the API/PNR Program PIB is updated for March 2014.

Right of Access

An individual may formally request access to their personal information, or access to corporate records related to or created by scenario based targeting, by contacting the Access to Information and Privacy Division. More information about this can be found at:


If an individual has concerns about the collection, use, disclosure or retention of their personal information, they may issue a complaint to CBSA Access to Information and Privacy Division. Complaints should be made in writing, and include the individual’s name, contact information, and a brief description of their concerns. Contact information for the Access to Information and Privacy Division at the CBSA can be found at:

Date modified: