Individual Refund Set-off Program - Privacy impact assessment summary

Assessment, Benefit and Service Branch
Individual Returns Directorate

Overview & PIA initiation

Government institution

Canada Revenue Agency

Government official responsible for the PIA

Frank Vermaeten
Assistant Commissioner, Assessment, Benefit and Service Branch

Head of the government institution or Delegate for section 10 of the Privacy Act

Marie-Claude Juneau
ATIP Coordinator

Name of program or activity of the government institution

Tax Services and Processing

Description of the class of record and personal information bank

Standard or institution specific class of record:
Individual Refund Set-off Program
Record Number: CRA ABSB 219

Standard or institution specific personal information bank:
Individual Refund Set-off Program
Bank Number: CRA PPU 213

Legal authority for program or activity

The legislative authority to apply a tax refund or credit to a debt due to Her Majesty in the right of Canada or in right of a province or a territory is granted by subsection 164(2) of the Income Tax Act and subsection 155(1) of the Financial Administration Act.

Legal authority for the collection of the SIN is provided under Section 237 of the Income Tax Act and is used for identification purposes.

Subparagraph 241(4)(d)(xiii) of the Income Tax Act provides the authority to disclose taxpayer information solely for refund set-off purposes.

Section 61 of the Canada Revenue Agency Act allows CRA to implement agreements with other federal, provincial and territorial governments for the purpose of carrying out an activity or program administered by the CRA.

Summary of the project / initiative / change

The Individual Refund Set-Off (RSO) program was introduced as part of the government’s fiscal responsibility package in February 1992 in order to recover more funds on outstanding debts due to the Crown. It was originally limited to federal departments; however, it was expanded to include provincial and territorial governments in 1998.

Under the program, an individual’s tax refunds and certain federal, provincial and territorial tax credits may be applied ("set-off") against debts the individual owes to the Crown.  Any federal, provincial, or territorial department, agency, or Crown corporation can participate in this program, subject to the CRA’s legislative and policy requirements. The partners must enter into an official arrangement with the CRA to participate in the RSO program. These arrangements take the form of a Memorandum of Understanding (MOU).  

In order to participate in the RSO program, a potential partner must submit an application form, called a Request to Participate form.  In this form the potential partner indicates what type of debt they wish to recover, and provides legislative references to demonstrate that:

  • The debt is a debt due to the Crown, and
  • That the organization has the legal authority to use the individual’s SIN for set-off purposes, if applicable

The designated contact for the program must also certify that the organization has made reasonable efforts to collect these debts before submitting them for set-off action, that the debts are legally collectable (not statute-barred), and that no debt will be submitted until after any period of recourse or objection/litigation has expired.

This information is submitted to our legal services for review. If our legal services agree that the legislative authorities are sufficient, officials of the Service, Innovation and Integration Branch (SIIB) are advised, and they initiate the MOU process, which includes ensuring that CRA security and information sharing requirements have been met.

Once the request has been accepted and the MOU has been signed, the set-off process can be initiated.  To initiate the set-off process the partner informs the CRA of the individuals from whom they wish to recover debts, and the amounts that they wish to recover from each.  This information is transmitted to the CRA by sending an electronic file to the CRA using our secure RSO Web Application, or via File Transfer Protocol (FTP).

Once a debtor’s account has been coded for set-off action by the CRA, any tax refund or eligible credit that becomes payable to that person may be transferred to the partner to be applied against their debt, up to the amount requested by the partner.  Set-off information is sent to the partner from the CRA using the same method (secure web portal or FTP) as was used by the partner.  Funds are transferred via Interdepartmental Settlement (IS), or direct deposit (DD).

Note that a credit only becomes available for set-off action after debts the individual owes to the CRA have been paid.  Once debts due to the CRA have been paid, the CRA will apply any remaining credit to a debt the individual owes under the Family Orders and Agreements Enforcement Assistance Act, if any.  Any remaining credit will then be available for set-off purposes. Some credits are subject to a financial hardship test.  Should the taxpayer’s net family income fall below the established threshold, these credits will be paid to the individual rather than set-off.

The CRA will inform the debtor that a set-off has been processed through a verse on their Notice of Assessment or Reassessment, or via a statement of account, as applicable.  The verse will indicate the amount that was transferred, to whom it was transferred (program name) and will provide contact information for the program should the debtor have any questions related to the debt.

Partners must advise the CRA immediately if a debt has been paid in full or if an update to the amount requested is required.

If a partner does not have, or cannot use, the debtor’s SIN as an identifier, the Semi-automated Auxiliary Refund Set-Off (SAARSO) matching process is used to attempt to identify the debtor in the CRA’s database. In this case, the partner will provide the CRA with debtor information, typically the debtor’s name, address and date of birth, via file transfer protocol (FTP) with Entrust encryption software or via the RSO Web application.  The CRA’s Electronic Interjurisdictional Set-Off (EISO) system compares the information provided by the partner to the information in the CRA’s Individual Identification (IDENT) database.  If a match is found, the taxpayer’s account is automatically added to the EISO database, using the Account ID and set-off amount that was provided by the partner.

If the CRA’s algorithm cannot identify a match, the system will select up to 12 possible matches, which will be displayed to authorized employees of T1 Accounting units.  These employees will manually compare the information provided by the partner to the information in the CRA’s database and will either select the correct individual, or indicate that no match was found.

The Electronic Interjurisdictional Set-Off (EISO) system sends a report to each partner indicating for each submission whether the debtor was matched or not.  No other information is provided.

Finally, partners must make reasonable attempts to advise a debtor that a set-off action is being contemplated.  The RSO program offers an optional Notification letter service to assist our partners in fulfilling this obligation.  If this service is selected, the CRA will issue a letter to the debtor on the partner’s behalf, using Government of Canada letterhead. The letter informs the debtor of the existence of the debt and cautions them that the CRA may apply their tax refunds or eligible credits to this debt.  The letter instructs the debtor to contact the partner if they have any questions about the debt and provides contact information for the partner.  The CRA issues these letters on behalf of the partner because we are prevented by law from sharing an individual’s address information with a partner.

If the notification letter is undeliverable, it is returned to the CRA and not to the partner.  This is to ensure that the taxpayer’s address is not provided to the partner.

Scope of the privacy impact assessment

The scope of this privacy impact assessment (PIA) covers the administration of the Refund Set-off Program for individuals.

Certain compliance activities such as audits and criminal investigations are separate programs and therefore are not included.

The exchange of information under Part I of the Family Orders and Agreements Enforcement Assistance Act is included in the Individual Returns PIA

If a new initiative or a change to an existing activity is identified, this PIA will be reviewed and updated, if appropriate.

Risk identification and categorization

A) Type of program or activity

Personal information is used to make decisions that directly affect the individual (i.e. determining eligibility for programs including authentication for accessing programs/services, administering program payments, overpayments, or support to clients, issuing or denial of permits/licenses, processing appeals, etc.)

Level of risk to privacy: 2

Details: The set-off affects the administration of program payments but not the calculation of those payments; just the issuance of them. Whatever refunds are available to be disbursed to the individual from the CRA may be redirected to a partner.

B) Type of personal information involved and context

Social insurance number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual. 

Level of risk to privacy: 3

Details: The RSO program is administered through the Electronic Interjurisdictional Set-Off (EISO) system. A set-off indicator is placed on the taxpayer’s account through EISO.  The indicator includes the amount to be recovered and the program under which the debt was incurred. To place the set-off indicator on an account, we must be able to identify the debtor in our database using the information provided by the partner.  

Partners who have the legislative authority to use the social insurance number (SIN) for set-off purposes send an electronic file containing the SIN of the debtor, their program number, and the amount they wish to recover. The CRA then places the set-off indicator on the account.

Partners who do not have the SIN or lack the legislative authority to use it for set-off purposes, send an electronic file containing their program number, an account-ID, and the amount they wish to recover. The electronic file also contains some or all of the following information:

  • Surname (mandatory)
  • Given name (mandatory)
  • Middle name
  • Spouse’s surname
  • Spouse’s given name
  • Current phone number
  • Previous phone number
  • Date of birth (YYYY-MM-DD)
  • Gender
  • Marital Status
  • Address – Current, previous and/or Care Of

Using the information provided by the partners the EISO system searches the Individual Identification (IDENT) database looking for possible taxpayers who match the data provided. If a taxpayer is successfully matched, the set-off indicator will be placed on the account.

The Electronic Interjurisdictional Set-Off (EISO) system sends an acknowledgement report to the partners on all requests, either matched or rejected. No other information is provided.

C) Program or activity partners and private sector involvement

With other or a combination of federal/ provincial and/or municipal government(s)

Level of risk to privacy: 3

Details: Any federal, provincial, or territorial department, agency, or Crown corporation can participate in this program, subject to the CRA’s legislative and policy requirements. The partners must enter into an official arrangement with the CRA to participate in the RSO program. Minimal taxpayer information is exchanged between the CRA and other provincial, territorial or federal government departments.

D) Duration of the program or activity: Long-term program

Long-term program

Level of risk to privacy: 3

Details: The RSO program is a long-term program with no established end date.

E) Program population

The program affects certain individuals for external administrative purposes.

Level of risk to privacy: 3

Details: It would only affect the individuals for whom a set-off request has been received.

F) Technology & privacy

Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

Risk to privacy: No

Does the new or modified program or activity require any modifications to IT legacy systems and/or services? 

Risk to privacy: No

The new or modified program or activity involves the implementation of one or more of the following technologies: 

Enhanced identification methods

This includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc...) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic). 

Risk to privacy: No

Use of Surveillance

This includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices , RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc.

Risk to privacy: No

Use of automated personal information analysis, personal information matching and knowledge discovery techniques

For the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

Risk to privacy: Yes

Details: Partners who cannot use an individual’s SIN as an identifier must identify debtors using the Semi-Automated Auxiliary Refund Set-Off (SAARSO) process.

In this case, the partner will provide the CRA with debtor information, typically the debtor’s name, address and date of birth, via file transfer protocol (FTP) with Entrust encryption software or via the RSO Web application.  The CRA’s Electronic Interjurisdictional Set-Off (EISO) system compares the information provided by the partner to the information in the CRA’s Individual Identification (IDENT) database.  If a match is found, the taxpayer’s account is automatically added to the EISO database, using the Account ID and set-off amount that was provided by the partner.

If the CRA’s algorithm cannot identify a match, the system will select up to 12 possible matches, which will be displayed to authorized employees of T1 Accounting units.  These employees will manually compare the information provided by the partner to the information in the CRA’s database and will either select the correct individual, or indicate that no match was found.

The Electronic Interjurisdictional Set-Off (EISO) system sends a report to each partner indicating for each submission whether the debtor was matched or not.  No other information is provided.

G) Personal information transmission

The personal information is transmitted using wireless technologies.

Level of risk to privacy: 4

Details: CRA uses specially configured computer Web servers for any online services (e.g. RSO Web); and uses corporate firewalls to protect our Web servers from unauthorized access. Personal information is not stored on these servers; the CRA securely stores personal information on separate computer systems that are not directly accessible from the Internet.

When transmitting or retrieving personal information, partners connect via the Internet and access the appropriate Electronic Interjurisdictional Set-Off (EISO) Web server application Uniform Resource Locator (URL).

The CRA ensures that personal and financial information is encrypted when it is transmitted between a partner’s computer and our Web servers. This ensures that computer hackers and other Internet users cannot view or alter the data being transmitted.

Portable Devices: Some employees workstations are composed of CRA issued laptops in docking stations. Laptops comply to the Security for the Computing Environment Policy with Encryption and access control. Any telework done is through Secure Remote Access (SRA).  Personal information can be accessed by authorized users via these laptops.

The CRA has developed an enterprise-wide telecommuting platform that offers users secure access to the network.  The current release of this platform is Secure Remote Access (SRA) 2.0.  SRA 2.0 allows users to gain access to the CRA network anytime/anywhere that internet is available. All users are required to sign on with the Privacy Key Infrastructure (PKI) and there are clear policies and procedures to be followed.

H) Risk impact to the individual or employee

Details: If personal information is compromised, it has the potential to cause financial harm and embarrassment to the affected individual. The affected individual may also become a victim of identity theft, and their information may be used without their knowledge or consent.

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: