Canada Emergency Benefits, Canada Recovery Benefits, and Canada Worker Lockdown Benefit Validation and Compliance
Collections and Verification Branch
Individual Compliance Directorate
On this page
- Overview & Privacy Impact Assessment Initiation (PIA)
- Summary of the project, initiative or change
- Risk identification and categorization
Overview & Privacy Impact Assessment (PIA) Initiation
Government institution
Canada Revenue Agency
Government official responsible for the PIA
Marc Lemieux
Assistant Commissioner
Collections and Verification Branch
Head of the government institution or Delegate for section 10 of the Privacy Act
Anne Marie Laurin
Director General
Access to Information and Privacy Directorate
Name of program or activity of the government institution
Benefits
We deliver a range of ongoing benefits, credits, and one-time payment programs that support the economic and social well-being of Canadians. Through processing activities, we make sure that Canadians receive their rightful benefits in a timely manner. We offer benefit recipients timely and accessible information on their entitlements and obligations both through our call centres and securely online, which helps Canadians become more aware of the benefits they are entitled to and how to receive them.
Standard or institution specific class of record:
Canada Emergency Benefits and Canada Recovery Benefits Validation
CRA CVB 192
Standard or institution specific personal information bank:
Canada Emergency Benefits / Canada Recovery Benefits Validation
CRA PPU 183
TBS Registration Number
Legal authority for program or activity
- Canada Revenue Agency
Section 61 authorizes the Canada Revenue Agency (CRA) to enter contracts, agreements, or other arrangements with governments, public or private organizations and agencies, or any person in the name of His Majesty in right of Canada or in its own name.
Note: Section 61 gives the minister of national revenue the authority to enter into agreements to administer programs for other government or private-sector organizations.
Delegation instrument (letter of authorization) - A letter of authorization issued in accordance with section 11 of the Department of Employment and Social Development Act to the CRA regarding subsection 4(1), sections 6 and 7, subsection 8(2), subsection 11(1), sections 13 and 14, subsection 18(1), sections 20, 21, and 25, subsections 26(1) and (2), section 28, subsections 29(1), (2), and (3), sections 30, 31, and 32, subsections 35(2) and (3), and sections 37 and 38 of the Canada Recovery Benefits Act, signed on October 2, 2020, authorizes the CRA to collect personal information, administer and enforce the Canada Recovery Benefits Act for Employment and Social Development Canada.
- A letter of authorization issued in accordance with section 11 of the Department of Employment and Social Development Act to the CRA regarding sections 4, 5, 9, 10, 12 and 13 of the Canada Emergency Response Benefit Act, signed on April 3, 2020, authorizes the CRA to collect personal information administer and enforce the Canada Emergency Response Benefit Act for Employment and Social Development Canada.
- A letter of authorization issued in accordance with section 11 of the Department of Employment and Social Development Act to the CRA regarding subsection 5(1), sections 7 and 8, section 12, subsections 13(1) and (2), section 16, subsections 17(1), (2), and (3), sections 18, 19, and 20, subsections 23(2) and (3), and sections 25 and 26 of the Canada Workers Lockdown Benefit Act, signed on December 2, 2021, authorizes the CRA to collect personal information administer and enforce the Canada Workers Lockdown Benefit Act for Employment and Social Development Canada.
- A letter of authorization issued in accordance with section 11 of the Department of Employment and Social Development Act to the CRA regarding sections 4, 5, 6, 10, 11, 12, 13, 14 and 15 of the Canada Emergency Student Benefit Act, signed on May 12, 2020, authorizes the CRA to collect personal information administer and enforce the Canada Emergency Student Benefit Act for Employment and Social Development Canada.
- Pursuant to section 10 of the Canada Revenue Agency Act, the CRA is authorized to accept delegation of authority to administer the Canada Recovery Benefits Act, Canada Emergency Response Benefit Act, Canada Workers Lockdown Benefit Act and the Canada Emergency Student Benefit Act for Employment and Social Development Canada
- Income Tax Act – Subparagraph 241(4)(d) (vii.6) – Provision of information. Where taxpayer information may be disclosed an official may provide taxpayer information to an official solely for the purposes of the administration and enforcement of the Canada Emergency Response Benefit Act or the evaluation or formulation of policy for that Act
- Income Tax Act – Subparagraph 241(4)(d) (vii.7) – Provision of information. Where taxpayer information may be disclosed an official may provide taxpayer information to an official solely for the purposes of the administration and enforcement of the Canada Recovery Benefits Act or the Canada Worker Lockdown Benefit Act, or the evaluation or formulation of policy for those Acts.
- Canada Emergency Response Benefit Act
- Section 9 – Social insurance number
- Section 12 – Return of erroneous payment or overpayment.
- Section 10 – Provision of information and documents “The Minister may, for any purpose related to verifying compliance or preventing non-compliance with this Act, by notice served personally or by confirmed delivery service, require that any person provide any information or document within the reasonable time that is stated in the notice.”
- Subsection 5(3) – Information “An applicant must provide the Minister with any information that the Minister may require in respect of the application.”
- Canada Recovery Benefits Act
- Section 6 – Obligation to provide information.
- Section 7 – Payment of benefit
- Section 13 – Obligation to provide information.
- Section 14 – Payment of benefit
- Section 20 – Obligation to provide information.
- Section 21 – Payment of benefit
- Section 25 – Social insurance number
- Subsection 26(1) – Provision of information and documents “The Minister may, for any purpose related to verifying compliance or preventing non-compliance with this Act, by a notice served personally or by a confirmed delivery service, require that any person provide any information or document within the reasonable time that is stated in the notice.”
- Subsection 30(1) – Reconsideration of application “Subject to subsection (5), the Minister may reconsider an application for benefits under this Act within 36 months after the benefits have been paid.”
- Subsection 28(1) – Return of erroneous payment or overpayment.
- Section 30 – Reconsideration of application
- Section 31 – Request for review
- Section 35 – Violations and penalties
- Canada Worker Lockdown Benefit Act
- Section 7 – Obligation to provide information.
- Section 8 – Payment of benefit
- Section 12 – Social insurance number
- Subsection 13(1) – Provision of information and documents “The Minister may, for any purpose related to verifying compliance or preventing non-compliance with this Act, by a notice served personally or by a confirmed delivery service, require that any person provide any information or document within the reasonable time that is stated in the notice.”
- Subsection 18(1) – Reconsideration of application “Subject to subsection (5), the Minister may reconsider an application for a lockdown benefit within 36 months after the day on which the benefit has been paid.”
- Subsection 16(1) – Return of erroneous payment or overpayment.
- Section 18 – Reconsideration of application
- Section 19 – Request for review
- Section 23 – Violations and penalties
- Canada Emergency Student Benefit Act
- Subsection 5(4) – Information
- Section 10 – Social insurance number
- Section 11 – Provision of information and documents
- Subsection 13(1) – Return of erroneous payment or overpayment.
Summary of the project, initiative or change
Overview of the Program or Activity
The CRA administered COVID–19 benefits to provide temporary income support to individuals between March 15, 2020, and May 7, 2022. The benefits included the Canada recovery benefit (CRB), Canada emergency response benefit (CERB), Canada worker lockdown benefit (CWLB), Canada recovery sickness benefit (CRSB), Canada emergency student benefit (CESB), and the Canada recovery caregiving benefit (CRCB). The CRA continues to administer these benefits for Employment and Social Development Canada (ESDC) and is using existing taxpayer information for verification of eligibility and compliance purposes.
Applications for the benefits require individuals to attest that they meet the eligibility requirements. The Benefits and Individual Integrity Division is validating applications and payments to maintain public confidence in Canada’s tax system and ensure that payments are available for people who need them most.
The Division’s mandate is to act on individual compliance strategies, support field resources, and engage stakeholders for the CRB, CERB, CWLB, CRSB, CESB and CRCB payments. The Division ensures compliance of the CRB, CERB, CWLB, CRSB, CESB and CRCB by validating eligibility criteria through client contact.
To validate eligibility for the CRCB during post-validation activities, the Division employs a modified T182 form, which requests supporting information for the CRCB application, specifically dependant information. This is used in cases where it is not clear from system information if the applicant has a dependant, and it has been determined that dependant information is required to validate CRCB eligibility. The forms are sent along with initial contact letters for CRCB reviews.
Two remission orders were created to help taxpayers with CESB and CERB applications:
- Canada Emergency Response Benefit and Employment Insurance Emergency Response Benefit Remission Order
- Certain Emergency Response Benefits Remission Order
The objectives of the orders are to limit the financial hardship on Canadians and to maintain the original policy intent of the Canada Emergency Student Benefit Act (CESBA) and Canada Emergency Recovery Benefit Act (CERBA).
The CESB remission order remits the Canada emergency response benefit (CERB) debt of individuals found to be not eligible for this emergency benefit, but who may have otherwise been eligible for the Canada emergency student benefit (CESB) had they applied. This remission would effectively provide relief to students who have an established CERB debt. Also, the remission order would allow for individuals who have made a CERB repayment to be reimbursed any excess funds that originate from the repayment. Reimbursement would only apply in cases where there is an excess amount on the account once the CESB equivalent payment has been credited to the account. For the CESB, to receive financial relief, a student must complete and submit Form T186. The Benefits and Individual Integrity Division performs reviews on any T186 forms referred by the T1/T3 Accounting Enquiries Section of the Assessment, Benefit, and Service Branch.
The CERB remission order states that following an informational letter of November 2020, indicating that net self-employment income was to be used as an eligibility criteria, taxpayers voluntarily refunded CERB payments. An announcement was made in February 2021 advising self-employed individuals who applied for the CERB that they qualified to have the CERB amounts they repaid reimbursed based on their gross income. On May 27, 2021, taxpayers who voluntarily repaid a CERB amount could request a refund with a specific form. Requests started to be processed on June 15, 2021. For the CERB, to request a reimbursement for a repayment, an individual must fill in and submit Form T180. The Benefits and Individual Integrity Division reviews T180 forms for validity.
To provide debt relief, T180 forms were also accepted from taxpayers who had not repaid the CERB, but who had been deemed not eligible and therefore had a debt on their account. In both scenarios, no additional payments were issued. In cases where the applicant had not repaid the CERB, but was eligible under the CERB remission order, the CERB debt was eliminated.
Business intelligence and a risk-based approach was used to determine which taxpayers would require further verification. Based on CRA information, blocks were set on certain taxpayer accounts to prevent automated processing of the applications, for example, if a taxpayer did not appear to have earned $5,000, based on available tax data, or was coded as having received EI or was eligible for EI based on shared information from Employment and Social Development Canada which would indicate if a review of the application was needed.
Due to the high volume of individuals affected by COVID-19, blocks were added gradually as not to overwhelm the system, and to ensure individuals in need received as much help as possible. Therefore, some taxpayers were given a pre-validation review, and in some cases a second review, before any benefit payment was released, while others would be verified during a post-validation review.
Due to the sensitivity of the benefits, a recourse process was developed to allow individuals an additional review. Canadians can request a second review in writing and can supply additional documents and have another review of their application by a different CRA agent. A taxpayer also has the option to apply for a judicial review, where a judge will rule on whether the CRA demonstrated a reasonable, consistent, fair, and transparent decision-making process. A judicial review does not rule on whether the applicant is eligible or not eligible for a benefit. Random quality assurance reviews are done to ensure the legislation is being applied fairly to all applicants.
Scope of the Privacy Impact Assessment
This PIA concerns the pre-validation, second review and post-validation of payments for the CRB, CERB, CWLB, CRSB, CESB and CRCB done by the Benefits and Individual Integrity Division. This includes validation of applications with identified risk factors and applicants requesting a second review. The validation activities are to ensure eligible applicants received the appropriate benefits and any overpayments are recorded. The administration and pre-validation of the CRB, CERB, CWLB, CRSB, CESB and CRCB done by the Assessment, Benefit, and Service Branch are excluded from the scope of this PIA and are covered under other PIAs. Validation activities performed by the Integrity and Identity Review Section will be described in a future PIA. The judicial review process through the courts is out of scope of this PIA.
Risk identification and categorization
A) Type of program or activity
Compliance / Regulatory investigations and enforcement
Level of risk to privacy: 3
Details:
Personal information will be used by the CRA for pre- and post-payment verification, compliance, and enforcement activity for the CRB, CERB, CWLB, CRSB, CESB and CRCB for Employment and Social Development Canada.
B) Type of personal information involved and context
Social insurance number, medical, financial, or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.
Level of risk to privacy: 3
Details:
Personal information may include name, contact information, social insurance number, temporary tax number, individual tax number, citizenship status, financial information, biographical information, medical information, employee personnel information, date of birth, date of death, incarceration status, mailing address, income, the attestation for eligibility, and direct-deposit details.
To further determine eligibility, the date of birth, date of death and incarceration status was to be also cross referenced.
C) Program or activity partners and private sector involvement
Within the institution (amongst one or more programs within the same institution)
With other federal institutions
Level of risk to privacy: 2
Details:
The CRA is performing pre- and post-payment verifications, compliance, and enforcement activities for the CRB, CERB, CWLB, CRSB, CESB and CRCB for Employment and Social Development Canada. Post-payment verification, compliance, and enforcement activities for the program will need to reach various sectors within the CRA.
D) Duration of the program or activity
Short–term program
Level of risk to privacy: 2
Details:
The CRB, CERB, CWLB, CRSB, CESB and CRCB programs to help individuals facing hardship because of the COVID–19 outbreak were short-term projects. The compliance and enforcement activities covered in this PIA are planned to last until the end of the fiscal year 2024 to 2025.
E) Program population
The program affects certain individuals for external administrative purposes.
Level of risk to privacy: 3
Details:
The program affects applicants for the CRB, CERB, CWLB, CRSB, CESB and CRCB.
F) Technology & privacy
- Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?
- Does the new or modified program or activity require any modifications to IT legacy systems and/or services?
- Does the new or modified program or activity involve the implementation of one or more of the following technologies?
Risk to privacy: No
Risk to privacy: No
Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc.) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).
Risk to privacy: No
Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance/interception, computer aided monitoring including audit trails, satellite surveillance etc.
Risk to privacy: No
Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.
Risk to privacy: Yes
G) Personal information transmission
The personal information is transmitted using wireless technologies.
Level of risk to privacy: 4
Details:
The personal information is stored in various CRA systems and databases, which have access to other systems and in limited circumstances can be transferred to an agency/department-approved and secure portable device such as a secure USB key with higher level of encryption.
The data exchange mechanism (secure FTP) used by Employment and Social Development Canada, which is supported by Shared Services Canada, has existed for more than 10 years.
All personnel may use laptops with full disk encryption and standard secure remote access. The CRA’s Information Technology Branch has developed an enterprise-wide telecommuting platform that offers users secure access to the CRA network.
H) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee
Details:
If the personal information is compromised, it has the potential to cause financial harm and embarrassment to the affected individual.
More details on mitigation measures can be found in the Authentication and Credential Management Privacy Impact Assessment.
Page details
- Date modified: