Canada’s privacy watchdog is concerned about the amount of snooping going on at the Canada Revenue Agency (CRA).
Privacy Commissioner Jennifer Stoddart said there was a “significant trend” in complaints from people who believe their personal information had been accessed inappropriately.
“Over the years we had recurring complaints from people who thought, from what other people had told them, that somehow they must have been looking at their income tax files and they knew that these other people worked at the Canada Revenue Agency,” Stoddart told Global‘s Jennifer Tryon. “This has been a pattern over the years.”
The details of the privacy breaches were outlined in an annual report tabled in Parliament on Tuesday.
She said her office began its first audit of CRA in 2009 and recommended the agency hire a chief privacy officer. That didn’t happen until three years later, after the Privacy Commission’s second audit.
Stoddart said Canadians have no option but to submit private information on their annual income tax return forms.
Now after a record number of complaints, Stoddart said there have been thousands of people over the years who have had that information accessed.
She said one instance is too many.
“These were employees who shouldn’t have been looking into files because they were not working actively on these files,” Stoddart explained. “In fact they were looking at files of ex-partners, neighbours, people that they were curious about or had a grudge against.”
But there were also instances where the information was used for preferential treatment or even fraud.
“There are very serious consequences for people who’ve been snooped on and that’s why they came forward,” Stoddart said. “People would be talking about their private lives, conjecturing about their state of health from information they’d seen in the tax file.”
“In our country, what you put down in your income tax is pretty confidential information and then to find a third party using this for their own advantage or to get back at you,” she said Tuesday afternoon.
CRA said it’s changing its security policies and implementing stricter discipline. The agency said it has also fired some employees.
“I think this unauthorized snooping will be largely controlled,” Stoddart said. “They are changing some of their systems to make sure they’re more privacy protected. But we’ll go back in two years to make sure that all has been done.”
She said her office has made 13 recommendations in the latest audit, including privacy breach reporting, monitoring employee access rights and threat and risk assessments for IT systems.
Comments