Lax security at Canada Revenue leads to privacy breaches

Canada's Privacy Commissioner Jennifer Stoddart has tabled a report calling on the federal government to better handle Canadians' personal information. This is her final report before her 10-year mandate comes to an end in December.

Privacy watchdog calls on federal agencies to better handle personal information

Privacy watchdog report

9 years ago
Duration 2:44
A new report by Canada's privacy commissioner highlights lax security practices at a number of federal agencies

The privacy watchdog says weak security practices at the federal tax office led to thousands of files being inappropriately accessed for years without detection.

Privacy Commissioner Jennifer Stoddart has more than a dozen recommendations — including better monitoring of employee access rights — to ensure the Canada Revenue Agency protects sensitive information.

"Canadians deserve to have their personal information protected, particularly when they provide it to the government under legal compulsion," Stoddart said in a news release Tuesday.

Canadians deserve to have their personal information protected, particularly when they provide it to the government under legal compulsion- Federal privacy watchdog Jennifer Stoddart

She tabled a special audit of the revenue agency along with her annual report on compliance with the Privacy Act, the law that governs how federal agencies handle personal information.

For the second year in a row, all-time highs were set for both privacy complaints about federal organizations as well as data breaches reported by departments and agencies.

From April 2012 to the end of March, Stoddart received 2,273 complaints from the public, up from 986 over the same period a year before.

Border security pact

Much of the increase stemmed from two highly publicized data breaches involving Employment and Social Development Canada and the Justice Department.
Federal Privacy Commissioner Jennifer Stoddart says her office received 2,273 privacy complaints from the public between April 2012 to the end of March 2013 - up from 986 complaints over the same period the year before. (Sean Kilpatrick/The Canadian Press)

Stoddart also flagged elements of the Canada-U.S. perimeter security pact, intended to smooth the passage of goods and people across the 49th parallel while beefing up continental defences.

She expressed concern about plans to keep information for 75 years once it's collected by border officials under a new entry-exit system that will track the movements of travellers.

Stoddart also objected to an absence of signs informing people they might be subject to detention, questioning or searches in areas including departure lounges or shipping terminals — part of a plan to extend the powers of Canada Border Services Agency officers.

"Perimeter security is and will remain an important priority for the government," Stoddart said in the release. "Our office has joined with our provincial and territorial colleagues in raising the need to ensure that the standards and values behind our privacy laws are not diminished."

Stoddart leaves the privacy commissioner's post later this year. A successor has not been named.


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?