The Social Insurance Number Code of Practice Annex 8 - Service Canada employees' dos and don'ts: Protecting the privacy and security of the SIN
- Respect and follow all aspects of the Privacy Act , the Privacy Code and the Values and Ethics Code when dealing with personal information.
- Access Social Insurance Register (the Register) information only when necessary to do your job.
- Follow standard procedures for all clients when accessing or updating SIN records or processing any SIN-related requests.
- Respect and follow all directions, policies and procedures presented during training related to SIN registration and authentication.
- Do refer authorized partners and other SIN users, such as employers, to the Social Insurance Registration Office when they want SIN or Register information.
- Protect your Register password and change it regularly.
- Only send an e-mail containing a SIN to an ESDC employee who requests it.
- Remember that an e-mail containing a SIN or personal information becomes part of the client's file and must be provided when requested under the Privacy Act .
- If you must keep SIN or personal information on a laptop, be sure to use an encryption program. Please ensure that all personal information be deleted from the computer when finished.
- Keep personal information, including the SIN, under lock and key.
- Use a secure fax when sending information that includes the SIN or other personal information. If a client would like to send their personal information to an ESDC/Service Canada employee by fax, advise them that their information may be put at risk, before they proceed.
- Do not give preferential treatment to friends or family in your work.
- Don't use clients' personal information, including the Social Insurance Number (SIN), for anything other than your authorized duties.
- Never access or process requests related to your own SIN record or the SIN record of a family member or friend.
- Never provide the SIN or a client's identity information when seeking advice or guidance from a colleague.
- Don't collect the SIN of clients unless your program legally requires it and you are specifically authorized to do so.
- Never leave your workstation without locking your system. Remember that you are responsible for all transactions or accesses made with your Register user code.
- Never forward an e-mail containing SIN information to an e-mail distribution list.
- Don't include a SIN in an e-mail unless a procedure specifies that you may do so. If so, never put the SIN in the subject line of the e-mail.
- Don't leave a laptop containing SIN information unattended or in an unlocked location.
- Don't forget to shred paper records containing SIN and/or personal information before disposal.
- Do not send e-mails containing SIN information outside the Intranet system without the information being encrypted.
Report a problem or mistake on this page
- Date modified: