Canadian Police Information Centre
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Home > Dissemination of Criminal Record Information

Institutional links

Dissemination of Criminal Record Information

Executive Summary

The policies set forth in this document apply to Canadian Police Information Centre (CPIC) Agencies that are engaged with Third Party Companies for conducting name-based criminal record verifications. The policies are effective immediately and should be adhered to in conjunction with the CPIC Reference Manual. In instances where these policies conflict with the CPIC Reference Manual, the policies in this document shall take precedence.

These policies are considered interim measures in response to breaches of CPIC policies and related federal legislation. Policies have been breached as a result of certain practices being undertaken by CPIC Agencies that are engaged with Third Party Companies for conducting criminal record name checks. In particular, criminal record information is being disseminated without confirming identity by means of a fingerprint comparison.

A CPIC Agency must enter into an Agreement, as defined in the definitions section of this do/cument, with the Third Party Company for whom they are conducting criminal records checks. This Agreement must be submitted to CPIC for review and approval to ensure that the Agreement conforms to legislation, the Ministerial Directive on the Release of Criminal Records and CPIC policy. The CPIC Agency is not permitted to conduct criminal records checks on behalf of a Third Party Company until such time that the Agreement is approved by the Director General (or delegate) of the CPI Centre.

Employees of a CPIC Agency who are conducting criminal records checks on behalf of a Third Party Company must successfully complete the CPIC Query Narrative Course.

This document addresses policies concerning: proper identity verification and informed consent of individuals undergoing name-based criminal record verifications; online criminal record checks; retention of information for CPIC auditing purposes; standard query responses to criminal record name checks; and the disclosure of criminal record information. In accordance with the policies set forth in this document, fingerprints are required for positive identification before criminal records are released. The release of criminal record information is pursuant to Appendix IV-1-A: Ministerial Directive Release of Criminal RecordInformation as identified in the CPIC Reference Manual. The directive, by its inclusion in the CPIC Reference Manual, applies to all CPIC Agencies.

As identified in this document, CPIC Agencies that are in partnership with Third Party Companies for the purposes of conducting name-based criminal record verifications arenot permitted to perform criminal record name checks for “Vulnerable Sector” and “Young Person” purposes on behalf of the Third Party Company.

Any breach in policy set forth in this document will be investigated by the appropriate CPIC Field Ops, and sanctions will be undertaken as necessary.

This document is a follow-up to the directive (09-11-30) sent from the Deputy Commissioner, RCMP Policing Support Services to all CPIC Heads of Agencies.

General

1. Purpose

1.1 The purpose of this document is to outline interim policies for police agencies that are

engaged with third party companies for conducting name-based criminal record verifications.

2. Definitions

2.1 The following definitions, used in singular or plural context, apply throughout this document:

CPIC Agency : A Canadian police agency that is authorized to access the Canadian Police Information Centre (CPIC), and is engaged with a Third Party Company for the purposes of conducting name-based criminal record verifications. A CPIC Agency could also be an Agent of the Principal (e.g. Applicant).

Third Party Company : A private organization that is in partnership with a CPIC Agency for the purposes of conducting name-based criminal record verifications. The Third Party Company receives standard responses to Criminal Record Synopsis / Criminal Name Index (CRS/CNI) queries from the CPIC Agency (pursuant to Section 12 of this document ) in support of conducting name-based criminal record verifications for background screening checks.

Client : A private organization that utilizes the services of a Third Party Company for the purposes of conducting name-based criminal record verifications in support of background screening checks.

Applicant : An individual undergoing a name-based criminal record verification.

Principal : A party (e.g. Applicant) that consents to work and/or activities being performed by Agents for the purposes of conducting name-based criminal record verifications.

Agent : Any party (e.g. CPIC Agency, Third Party Company, Client) involved with conducting name-based criminal record verifications as consented to by the Principal (e.g. Applicant).

Physical Verification : Any Agent involved with conducting a name-based criminal record verification performs due diligence to ensure that the Identification Verification (Refer to Section 8 of this document ) and Informed Consent (Refer to Section 9 of this document ) policies are applied. Verification includes ensuring (to the satisfaction of the Agent) that the Applicant accurately completes the Informed Consent form and clearly understands the Informed Consent criteria. Verification also includes ensuring that the provided Identification corresponds to the Applicant.

Agreement : A written agreement (e.g. contract, legal agreement, Memorandum of Understanding (MOU)) that identifies the participating obligations of both the CPIC Agency and the Third Party Company for the purposes of conducting name-based criminal record verifications.

3. Application

3.1 The policies in this document apply to CPIC Agencies and all Agents that are involved with conducting name-based criminal record verifications.

3.2 CPIC Agencies shall reference these policies in conjunction with the CPIC Reference Manual. In instances where these policies conflict with the CPIC Reference Manual, the policies in this document shall take precedence.

3.3 A CPIC Agency is solely responsible for ensuring that all Agents adhere to the policies where applicable.

3.3.1 Sections 5, 7, 11, 12, and 13 of this document apply to CPIC Agencies only.

3.3.2 Sections 4, 6, 8, 9, 10 and 14 of this document apply to CPIC Agencies and other Agents where applicable.

3.4 CPIC Agencies in partnership with Agents are not permitted under these policies to conduct name-based criminal record verifications for Vulnerable Sector and Young Person purposes, as identified in Section 14.

4. Effective Date

4.1 These policies are effective on December 8 th, 2009.

5. CPIC Policy Breach

5.1 Any breach in policy set forth in this document will be investigated by CPIC, and sanctions will be undertaken as necessary.

6. Working Group

6.1 These policies will be replaced by formal CPIC policy and procedures that will be developed as part of the upcoming working group in 2010.

6.2 The purpose of the working group is to develop clear, uniform practices for CPIC Agencies that have partnerships with Third Party Companies for conducting name-based criminal record verifications. Practices will be in accordance with CPIC policy, applicable legislation at all levels of government and private sector regulations.

6.3 The working group will consist of CPIC Agencies, public safety partners, and as may be required, Third Party Companies.

Agreement

7. Agreement between CPIC Agency and Third Party Company

7.1 A CPIC Agency must enter into an Agreement, as is defined in the definitions section of this policy document, with the Third Party Company for whom they are conducting criminal records checks. This Agreement must be submitted to the Canadian Police Information Centre for review and approval to ensure that the Agreement conforms to legislation, the Ministerial Directive on the Release of Criminal Records and CPIC policy. The CPIC Agency is not permitted to conduct criminal records checks on behalf of a Third Party Company until such time as the Agreement is approved by the Director General (or delegate) of the CPI Centre.

7.1.1 The Agreement must identify that the CPIC Agency authorizes the Third Party Company to act as an Agent on behalf of the CPIC Agency for the purposes of conducting name-based criminal record verifications, and as an Agent on behalf of the Applicant for the purposes of performing a name-based criminal record verification.

7.1.2 The Agreement must identify all Agents involved with conducting name-based criminal record verifications, including any subcontracting work.

7.1.3 The Agreement must identify the entire Principal-Agent relationship involved with conducting named-based criminal record verifications. Any applicable consent requirements between the Principal and Agent(s), and between Agents must be clearly identified.

7.1.4 The Agreement must identify the policies in this document that apply to all involved Agents.

7.1.5 The Agreement must identify that the RCMP is indemnified of all claims or demands of any kind caused by the Agreement. This condition will also be included in any arrangements (e.g. Memorandum of Understanding) between the RCMP and the CPIC Agency for the purposes of accessing CPIC.

7.1.6 The Agreement must identify that the CPIC Agency is solely responsible for ensuring that any retained data, pursuant to Section 11 of this document, is retained locally by the CPIC Agency and made available to CPIC for auditing purposes only.

General Policy

8. Identity Verification

8.1. An Applicant must provide government-issued identification prior to undergoing a name-based criminal record check when appearing in person in front of one of the Agents.

8.1.1 An Applicant must provide: two (2) pieces of identification, one of which must be government-issued and include the Applicant’s name, date of birth, signature and photo of the Applicant. Copies of the identification documents must be provided to one of the Agents with the signed Informed Consent form.  Photocopies of the identification must be certified by at least one of the Agents who will confirm that the Applicant signing is the individual on the government-issued photo identification. The Agent verifying the identity of the Applicant must compare the signature on the government-issued identification to the signature on the Informed Consent form.

8.1.2 An Applicant should also provide all Applicant names, including: given name(s); surname; maiden name (if applicable); and any name(s) that were changed in accordance with a legal name change (if applicable). This information is provided to facilitate the criminal record name check process identified in Section 12.1 of this document .

8.3 The pieces of identification must undergo Physical Verification by all Agents involved with conducting the name-based criminal record verification.

8.4 Legible copies of the identification must be retained in accordance with the provisions of relevant privacy legislation and CPIC Agency retention and disposal schedules.

8.4.1. Legible copies of the identification must be retained locally by the CPIC Agency for a minimum of two (2) years for CPIC auditing purposes only.

8.5 The CPIC Agency head or delegate thereof must be satisfied with the identification procedures, pursuant to Chapter 1.2 Section 7.1.a.2.3 of the CPIC Reference Manual.

9. Informed Consent

9.1 An Applicant must grant consent prior to undergoing a name-based criminal record verification.

9.2 The Informed Consent form must be completed and signed by the Applicant, and witnessed by at least one of the Agents.

9.3 Once completed by the Applicant, the Informed Consent form must immediately undergo Physical Verification by all involved Agents.

9.4 Legible copies of the Informed Consent form must be retained in accordance with the provisions of relevant privacy legislation and CPIC Agency retention and disposal schedules.

9.4.1 Legible copies of the Informed Consent form must be retained locally by the CPIC Agency for a minimum of two (2) years for CPIC auditing purposes only.

9.5 Informed Consent forms must include the following minimum criteria:

9.5.1 Identification of the Applicant: surname; given name(s); sex; date of birth; place of birth; current address; previous addresses, if any, within last five (5) years.

9.5.2 Reason for the Consent: purpose of the criminal record verification; description of position; name of person or organization requiring the criminal record verification.

9.5.3 Signature of Applicant: Applicant should clearly understand and sign to the purpose and intent of the name-based criminal record verification.

9.5.4 Consent information must clearly indicate that a search of the National Criminal Records repository maintained by the RCMP will be conducted based on the name(s) and date of birth provided by the Applicant.

10. Online Criminal Record Checks

10.1 In accordance with Section 7 of this document, an online criminal record check process will undergo assessment by the RCMP to ensure policy compliance.

10.2 Online criminal record checks may also be conducted providing that the following policy requirements are met:

10.2.1 The CPIC Agency head or delegate thereof must be satisfied with the online criminal record check process, pursuant to Chapter 1.2 Section 7.1.a.2.3 of the CPIC Reference Manual.

10.2.2 The process must be clearly identified in the Agreement between the CPIC Agency and the Third Party Company, pursuant to Section 7 of this document.

10.2.2.1 The Agreement between the CPIC Agency and the Third Party Company (Section 7) must clearly identify how the online criminal record check process accounts for the applicable physical verification measures in Sections 8 and 9. For example, Section 9.2 (witnessing the signing of the Informed Consent form) may be met by demonstrating that the online process securely verifies and authenticates the identity of the Applicant.

10.2.3 An audit trail of the process for each online criminal record check must be retained in accordance with the provisions of relevant privacy legislation and CPIC Agency retention and disposal schedules.

10.2.4 An audit trail of the process for each online criminal record check must be retained locally by the CPIC Agency for a minimum of two (2) years for CPIC auditing purposes only.

10.3 The transmission of electronic data must be secure.

10.3.1 The CPIC Agency is responsible for securing the electronic transmission of data involved with online criminal record checks.

10.3.2 The method for securing the electronic transmission of data must be clearly identified in the Agreement between the CPIC Agency and the Third Party Company, pursuant to Section 7 of this document.

10.4 The online criminal record check process must confirm the identity verification and authentication of the Applicant.

10.4.1 The CPIC Agency is responsible for ensuring that the online criminal record check process confirm the identity verification and authentication of the Applicant.

CPIC Agency Policy

11. Retention of Data for Auditing Purposes

11.1 Information as identified in Sections 8.4, 9.4 and 10.2.4 of this document must be

retained locally by the CPIC Agency for a minimum of two (2) years for CPIC auditing purposes only.

11.2 Responses sent from the CPIC Agency to the Third Party Company must be retained

locally by the CPIC Agency for a minimum of two (2) years for CPIC auditing purposes

only.

11.3 Information as identified in Sections 11.1 and 11.2 of this document must be made available by the CPIC Agency to CPIC for auditing purposes only.

12. CNI/CRS Queries and Responses

12.1 When conducting a Criminal Name Index/Criminal Record Synopsis (CNI/CRS) query,

the CPIC Agency must use all names of the Applicant, including: given name(s); surname; maiden name (if applicable); and any name(s) that were changed in accordance with a legal name change (if applicable).

12.2 All newly engaged employees of a CPIC Agency that conduct name-based criminal record checks must successfully complete the CPIC Query/Narrative course prior to performing CNI/CRS queries to ensure that they have a thorough understanding of CPIC policy and how to properly analyze CNI/CRS query results. This is required for all CPIC Agencies that have partnerships with Third Party Companies for the purposes of conducting name-based criminal record verifications. It is highly recommended that all CPIC users complete this course.

12.2.1 The CPIC Query/Narrative course is available online through the Canadian Police Knowledge Network (CPKN): http://www.cpkn.ca/course_detail/cpic_e.html

12.3 The following response messages must be used by CPIC Agencies for CNI/CRS queries.

12.4 Section 12.4.1 of this document replaces Section 7.3.b.4.1 of Chapter 1.2 in the CPIC Reference Manual.

12.4.1 When the CNI/CRS response is negative: “Based solely on the name(s) and

date of birth provided , a search of the National Criminal Records repository maintained by the RCMP did not identify any records for a person with the name(s) and date of birth of the applicant. Positive identification that a criminal record may or may not exist at the National Criminal Records repository can only be confirmed by fingerprint comparison. Not all offences are reported to the National Criminal Records repository. A local indices check may or may not reveal criminal record convictions that have not been reported to the National Criminal Records repository.”

12.5 Section 12.5.1 of this document replaces Section 7.3.b.4.2 of Chapter 1.2 in the CPIC Reference Manual.

12.5.1 When the CNI/CRS response contains possible records: “Based solely on the name(s) and date of birth provided, a search of the National Criminal Records repository maintained by the RCMP could not be completed. In order to complete the request, the applicant is required to have fingerprints submitted to the National Criminal Records repository by an authorized police service or accredited private fingerprinting company. Positive identification that a criminal record may or may not exist at the National Criminal Records repository can only be confirmed by fingerprint comparison. Not all offences are reported to the National Criminal Records repository. A local indices check may or may not reveal criminal record convictions that have not been reported to the National Criminal Records repository.’

12.5.2 The response in Section 12.5.1 of this document must be used when a CNI/CRS response contains only Young Person records.

12.6 A CPIC Agency is responsible for ensuring that a Third Party Company provides the appropriate CNI/CRS response messages identified in Sections 12.4.1 and 12.5.1 of this document as required to other authorized Agents.

13. Disclosure of Criminal Record Information

13.1 The release of criminal record information is pursuant to Appendix IV-1-A:

Ministerial Directive Release of Criminal Record Information as identified in the CPIC Reference Manual.

13.1.1 The directive, by its inclusion in the CPIC Reference Manual, applies to all CPIC

Agencies.

13.2 The release of criminal record information is pursuant to Chapter 1.2 Section 7.3.b.4 of the CPIC Reference Manual.

13.3 CPIC Agencies shall refer to Section 12 of this document for CNI/CRS responses.

13.3.1 Section 12 of this document must be referenced instead of Chapter 1.2

Sections 7.3.b.4.1 and 7.3.b.4.2 in the CPIC Reference Manual.

13.4 Fingerprints are required for positive identification before criminal records are released.

13.5 The exceptions outlined in Appendix IV-1-A of the CPIC Reference Manual where

fingerprints may be waived do not apply to CPIC Agencies for the purposes of this policy only.

13.6 The CPIC Agency head or delegate thereof must be satisfied that the release of criminal record information conforms with Appendix IV-1-A , pursuant to Chapter 1.2 Section 7.1.a.2.5 of the CPIC Reference Manual.

14. Out of Scope

14.1 The following areas are out of scope for the purposes of the interim policies set forth in this document. These areas will be further assessed as part of the working group activities identified in Section 6 of this document .

        • Third Party Companies are not permitted to offer Vulnerable Sector Checks or criminal record checks associated with Young Persons, pursuant to policy and provisions of the Youth Criminal Justice Act, to any Agent and/or Applicant. CPIC Agencies cannot undertake such checks on behalf of a Third Party Company.
Date Modified: 2009-12-08

Top of Page
Important Notices