No one's saying much about what happened and who's been held accountable for several breaches of taxpayer privacy at the Canada Revenue Agency.
The privacy breaches came to light last week in the annual report of the watchdog for CSIS, Canada's spy agency. The report described how intelligence officers, repeatedly and without a warrant, improperly obtained taxpayers' information.
The Security Intelligence Review Committee found there were "multiple instances of a particular CSIS office obtaining information."
- CSIS repeatedly obtained confidential taxpayer data without warrants, watchdog says
- Canada's electronic spy agency stops sharing some metadata with partners
The review committee also learned CSIS told the public safety minister and federal court that all of the taxpayer information obtained without a warrant had been deleted from its operational database when, in fact, it wasn't.
But answers about who was responsible for these breaches and who has been held accountable and how have been hard to come by.
In response to a query from CBC News, CSIS spokesperson Tahera Mufti wrote in an email, "While I cannot confirm or deny any internal disciplinary measures that might have been taken, CSIS maintains robust policies and procedures, defining our roles and responsibilities clearly."
A hint of what had happened appeared later in the email, when Mufti added that none of the "information received from the CRA" was shared outside the spy agency and that the data has since been expunged.
When CRA was asked what happened on its side, and whether anyone has been fired or disciplined, spokesman Philippe Brideau responded, "The employee is no longer with the agency (...) For more information about the incident, please contact CSIS."
A follow-up question about whether the former employee had taken the well-worn path of resigning or retiring before being fired, prompted a politely worded response from Brideau that the agency won't be able to provide such details.
The public may learn more if Canada's Privacy Commissioner decides to investigate.
SIRC instructed CSIS to report the breaches to the commissioner. In response to a request for comment, the commissioner's office said it was aware of the incidents and was "examining" the situation.