Canada Emergency Benefits, Canada Recovery Benefits, and Canada Worker Lockdown Benefit Validation and Compliance

Collections and Verification Branch
Individual Compliance Directorate

On this page

Overview & Privacy Impact Assessment (PIA) Initiation 

Government institution

Canada Revenue Agency

Government official responsible for the PIA

Marc Lemieux
Assistant Commissioner
Collections and Verification Branch

Head of the government institution or Delegate for section 10 of the Privacy Act

Anne Marie Laurin
Director General
Access to Information and Privacy Directorate

Name of program or activity of the government institution

Benefits

We deliver a range of ongoing benefits, credits, and one-time payment programs that support the economic and social well-being of Canadians. Through processing activities, we make sure that Canadians receive their rightful benefits in a timely manner. We offer benefit recipients timely and accessible information on their entitlements and obligations both through our call centres and securely online, which helps Canadians become more aware of the benefits they are entitled to and how to receive them.

Standard or institution specific class of record:

Canada Emergency Benefits and Canada Recovery Benefits Validation
CRA CVB 192

Standard or institution specific personal information bank:

Canada Emergency Benefits / Canada Recovery Benefits Validation
CRA PPU 183
TBS Registration Number

Legal authority for program or activity

Summary of the project, initiative or change

Overview of the Program or Activity

The CRA administered COVID–19 benefits to provide temporary income support to individuals between March 15, 2020, and May 7, 2022. The benefits included the Canada recovery benefit (CRB), Canada emergency response benefit (CERB), Canada worker lockdown benefit (CWLB), Canada recovery sickness benefit (CRSB), Canada emergency student benefit (CESB), and the Canada recovery caregiving benefit (CRCB). The CRA continues to administer these benefits for Employment and Social Development Canada (ESDC) and is using existing taxpayer information for verification of eligibility and compliance purposes.

Applications for the benefits require individuals to attest that they meet the eligibility requirements. The Benefits and Individual Integrity Division is validating applications and payments to maintain public confidence in Canada’s tax system and ensure that payments are available for people who need them most.

The Division’s mandate is to act on individual compliance strategies, support field resources, and engage stakeholders for the CRB, CERB, CWLB, CRSB, CESB and CRCB payments. The Division ensures compliance of the CRB, CERB, CWLB, CRSB, CESB and CRCB by validating eligibility criteria through client contact.

To validate eligibility for the CRCB during post-validation activities, the Division employs a modified T182 form, which requests supporting information for the CRCB application, specifically dependant information. This is used in cases where it is not clear from system information if the applicant has a dependant, and it has been determined that dependant information is required to validate CRCB eligibility. The forms are sent along with initial contact letters for CRCB reviews.

Two remission orders were created to help taxpayers with CESB and CERB applications:

The objectives of the orders are to limit the financial hardship on Canadians and to maintain the original policy intent of the Canada Emergency Student Benefit Act (CESBA) and Canada Emergency Recovery Benefit Act (CERBA).

The CESB remission order remits the Canada emergency response benefit (CERB) debt of individuals found to be not eligible for this emergency benefit, but who may have otherwise been eligible for the Canada emergency student benefit (CESB) had they applied. This remission would effectively provide relief to students who have an established CERB debt. Also, the remission order would allow for individuals who have made a CERB repayment to be reimbursed any excess funds that originate from the repayment. Reimbursement would only apply in cases where there is an excess amount on the account once the CESB equivalent payment has been credited to the account. For the CESB, to receive financial relief, a student must complete and submit Form T186. The Benefits and Individual Integrity Division performs reviews on any T186 forms referred by the T1/T3 Accounting Enquiries Section of the Assessment, Benefit, and Service Branch.

The CERB remission order states that following an informational letter of November 2020, indicating that net self-employment income was to be used as an eligibility criteria, taxpayers voluntarily refunded CERB payments. An announcement was made in February 2021 advising self-employed individuals who applied for the CERB that they qualified to have the CERB amounts they repaid reimbursed based on their gross income. On May 27, 2021, taxpayers who voluntarily repaid a CERB amount could request a refund with a specific form. Requests started to be processed on June 15, 2021. For the CERB, to request a reimbursement for a repayment, an individual must fill in and submit Form T180. The Benefits and Individual Integrity Division reviews T180 forms for validity.

To provide debt relief, T180 forms were also accepted from taxpayers who had not repaid the CERB, but who had been deemed not eligible and therefore had a debt on their account. In both scenarios, no additional payments were issued. In cases where the applicant had not repaid the CERB, but was eligible under the CERB remission order, the CERB debt was eliminated.

Business intelligence and a risk-based approach was used to determine which taxpayers would require further verification. Based on CRA information, blocks were set on certain taxpayer accounts to prevent automated processing of the applications, for example, if a taxpayer did not appear to have earned $5,000, based on available tax data, or was coded as having received EI or was eligible for EI based on shared information from Employment and Social Development Canada which would indicate if a review of the application was needed.

Due to the high volume of individuals affected by COVID-19, blocks were added gradually as not to overwhelm the system, and to ensure individuals in need received as much help as possible. Therefore, some taxpayers were given a pre-validation review, and in some cases a second review, before any benefit payment was released, while others would be verified during a post-validation review.

Due to the sensitivity of the benefits, a recourse process was developed to allow individuals an additional review. Canadians can request a second review in writing and can supply additional documents and have another review of their application by a different CRA agent. A taxpayer also has the option to apply for a judicial review, where a judge will rule on whether the CRA demonstrated a reasonable, consistent, fair, and transparent decision-making process. A judicial review does not rule on whether the applicant is eligible or not eligible for a benefit. Random quality assurance reviews are done to ensure the legislation is being applied fairly to all applicants.

Scope of the Privacy Impact Assessment

This PIA concerns the pre-validation, second review and post-validation of payments for the CRB, CERB, CWLB, CRSB, CESB and CRCB done by the Benefits and Individual Integrity Division. This includes validation of applications with identified risk factors and applicants requesting a second review. The validation activities are to ensure eligible applicants received the appropriate benefits and any overpayments are recorded. The administration and pre-validation of the CRB, CERB, CWLB, CRSB, CESB and CRCB done by the Assessment, Benefit, and Service Branch are excluded from the scope of this PIA and are covered under other PIAs. Validation activities performed by the Integrity and Identity Review Section will be described in a future PIA. The judicial review process through the courts is out of scope of this PIA.

Risk identification and categorization

A) Type of program or activity

Compliance / Regulatory investigations and enforcement  

Level of risk to privacy: 3

Details:
Personal information will be used by the CRA for pre- and post-payment verification, compliance, and enforcement activity for the CRB, CERB, CWLB, CRSB, CESB and CRCB for Employment and Social Development Canada. 

B) Type of personal information involved and context

Social insurance number, medical, financial, or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual. 

Level of risk to privacy: 3

Details:

Personal information may include name, contact information, social insurance number, temporary tax number, individual tax number, citizenship status, financial information, biographical information, medical information, employee personnel information, date of birth, date of death, incarceration status, mailing address, income, the attestation for eligibility, and direct-deposit details.

To further determine eligibility, the date of birth, date of death and incarceration status was to be also cross referenced.

C) Program or activity partners and private sector involvement

Within the institution (amongst one or more programs within the same institution)

With other federal institutions

Level of risk to privacy: 2

Details:

The CRA is performing pre- and post-payment verifications, compliance, and enforcement activities for the CRB, CERB, CWLB, CRSB, CESB and CRCB for Employment and Social Development Canada. Post-payment verification, compliance, and enforcement activities for the program will need to reach various sectors within the CRA.

D) Duration of the program or activity

Short–term program 

Level of risk to privacy: 2

Details:

The CRB, CERB, CWLB, CRSB, CESB and CRCB programs to help individuals facing hardship because of the COVID–19 outbreak were short-term projects. The compliance and enforcement activities covered in this PIA are planned to last until the end of the fiscal year 2024 to 2025.

E) Program population

The program affects certain individuals for external administrative purposes.

Level of risk to privacy: 3

Details:

The program affects applicants for the CRB, CERB, CWLB, CRSB, CESB and CRCB.

F) Technology & privacy

  1. Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?
  2. Risk to privacy: No

  3. Does the new or modified program or activity require any modifications to IT legacy systems and/or services?
  4. Risk to privacy: No

  5. Does the new or modified program or activity involve the implementation of one or more of the following technologies?

Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc.) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).

Risk to privacy: No

Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance/interception, computer aided monitoring including audit trails, satellite surveillance etc.

Risk to privacy: No

Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

Risk to privacy: Yes

G) Personal information transmission

The personal information is transmitted using wireless technologies.

Level of risk to privacy: 4

Details:

The personal information is stored in various CRA systems and databases, which have access to other systems and in limited circumstances can be transferred to an agency/department-approved and secure portable device such as a secure USB key with higher level of encryption.

The data exchange mechanism (secure FTP) used by Employment and Social Development Canada, which is supported by Shared Services Canada, has existed for more than 10 years.

All personnel may use laptops with full disk encryption and standard secure remote access. The CRA’s Information Technology Branch has developed an enterprise-wide telecommuting platform that offers users secure access to the CRA network. 

H) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee

Details:

If the personal information is compromised, it has the potential to cause financial harm and embarrassment to the affected individual.

More details on mitigation measures can be found in the Authentication and Credential Management Privacy Impact Assessment.

Page details

Date modified: