Leads Program v 2.0 - Privacy impact assessment summary

Compliance Programs Branch
GST/HST Directorate
Canada Revenue Agency

Overview & PIA Initiation

Government institution

Canada Revenue Agency

Government official responsible for the PIA

Ted Gallivan
Assistant Commissioner

Compliance Programs Branch 

Head of the government institution or Delegate for section 10 of the Privacy Act

Marie-Claude Juneau

Director

Access to Information and Privacy Directorate

Name of program or activity of the government institution

Compliance

Description of the class of record and personal information bank

Standard or institution specific class of record:

Leads Program - CRA DCPB 428

Standard or institution specific personal information bank:

Leads Program - CRA PPU 423

Legal authority for program or activity

• Income Tax Act
  • 220(1) The Minister shall administer and enforce this Act and the Commissioner of Revenue may exercise all the powers and perform the duties of the Minister under this Act.
• Excise Tax Act
  • 275(1) The Minister shall administer and enforce this Part and the Commissioner may exercise all the powers and perform the duties of the Minister under this Part

The Minister of National Revenue has a mandate to administer and enforce the Income Tax Act and part IX of the Excise Tax Act.  To carry out this mandate, the Minister must collect information. While there are specific reporting obligations for taxpayers and others such as, for example, financial institutions and employers, in the two Acts, and while there are specific audit and inspection powers in the two Acts, there is no explicit provision in either statute that authorizes the Minister to collect the information needed to carry out the Minister's mandate.  In cases of non-compliance with the statutes, however, it is clear that the Minister will require information from a variety of sources to administer and enforce these Acts. The authority of the Minister to collect such information is implicit in the general language of the mandate as set our above. 

Summary of the project / initiative / change

The primary role of the Leads Program is to coordinate and review all domestic leads received from the public to assist the CRA in identifying taxpayers who are not complying with their tax obligations. The Leads Program gives the public the opportunity to come forward and anonymously report suspected cases of non-compliance with the tax laws administered by the CRA. A lead is characterized by information, in any form, that detects potential tax or benefits cheating. Leads can also be submitted by a CRA employee who has identified a taxpayer’s non-compliant behaviour in the course of their assigned duties – these are known as internal leads. Once a lead is received, it is reviewed and verified using information from CRA systems and possibly external search engines, and then sent to the appropriate CRA program for processing.  

What's new

On April 1, 2017, the Leads Program moved to the GST/HST Directorate to establish a clear vision and strategy to promote the program’s mandate in identifying taxpayers participating in domestic tax evasion, and to leverage expertise gained through collaboration with fellow Compliance Programs Branch programs. This change in reporting prompted the review of many facets of the Leads Program.

There are various key drivers behind the program changes:

• Modernization of the Leads Program: The Leads Section conducted a review of all facets of the program. Through consultations with our internal partners, the Minister’s Underground Economy Advisory Committee, and other external sources, the Leads Program aims to make enhancements to the program in order to bring it up to speed with today’s pace and technology.
• Focus and alignment with the CRA’s service culture: The Leads Program recognizes that strengthening our service culture requires changing how we do things internally and adapting how we serve people. The Leads Program is looking at ways it can elevate its service excellence to improve the public’s trust.

Scope of the privacy impact assessment

The previous PIA for the Leads Program was approved in 2011 and there has since been significant modernization to program operations. Therefore, the purpose of this PIA is to identify and assess privacy risks to personal information relating to the administration of the Leads Program activities and its related business intelligence activities. This PIA will be reviewed and updated as required. As the Leads Program and the Offshore Tax Informant Program (OTIP) are separate program administrations, the OTIP falls out of scope for the purposes of this PIA. Further, the actions that result from a lead (e.g. audits, investigations, etc.) are not in scope for this PIA. 

Risk identification and categorization

A) Type of program or activity

Criminal investigation and enforcement / National Security 

Level of risk to privacy: 4

Details:

Information provided to the CRA in the context of this program is used to identify and follow up on instances of alleged tax non-compliance. Although the majority of leads collected by the Leads Program are pursued by civil areas, a small number of leads could be referred to the CRA Criminal Investigations Programs. Nevertheless, the risk has been categorized at the highest level based on the possibility of criminal enforcement activity. 

B) Type of personal information involved and context

Social insurance number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.

Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive. 

Level of risk to privacy: 3, 4

Details:

Personal information about the alleged non-compliant taxpayer: Most of the personal information about the alleged non-compliant taxpayer would probably fit into category 3 above since it is sensitive information that relates to assets, financial transactions, property, etc. However, a fraction of the personal information provided by a tipster about the lead subject could qualify as risk category 4 on the basis that it is essentially a suspicion or allegation about the taxpayer’s non-compliance conveyed to the CRA in confidence by another party.

Personal information about the individual submitting the lead: Information that identifies or provides clues to the identity of the individual submitting the lead could be extremely sensitive personal information, particularly in rare cases where safety is at issue. The Leads Program is committed to safeguarding confidentiality.

In order to ensure the CRA is not collecting personal information from individuals who submit leads and that they remain anonymous, the below mandatory and automated phone script is played to all callers of the tip line: 

Protecting your confidentiality is important to us. You will not be asked for any personal information and if provided, it will not be documented. To preserve your confidentiality, our calls are not recorded, and our agents’ telephones do not have call display.

The public online submission form indicates that:

You will remain anonymous. When you report suspected tax cheating (by submitting a lead), you will not be asked to disclose personal information about yourself. The protection of personal information is important, and the CRA is committed to protecting your identity. This means that the CRA will do all it can, under the law, to protect your identity along with any information that suggests you submitted a lead. Accordingly, if asked to disclose that information under a formal Access to Information Act request or Privacy Act request, the CRA will claim an exemption from such disclosure under subparagraphs 16(1)(c)(ii) of the Access to Information Act and 22(1)(b)(ii) of the Privacy Act.

Personal information about others: Information provided could include information about business associates, family members and friends of the lead subject including information that could implicate them in the non-compliance.  

C) Program or activity partners and private sector involvement

Within the institution (amongst one or more programs within the same institution)  

Level of risk to privacy: 1

Details:

Lead information is shared on a strict need-to-know basis with other program groups within the CRA, such as Audit, Non-Filer, and Criminal Investigations to assist in their workload development. 

D) Duration of the program or activity:

Long-term program

Level of risk to privacy: 3

Details:

The Leads Program is a permanent continuing CRA program with no scheduled end/sunset date.  

E) Program population

The program affects certain employees for internal administrative purposes.

The program affects certain individuals for external administrative purposes. 

Level of risk to privacy: 1, 3

Details:

The program could potentially affect any taxpayer who is the subject of the information provided to the CRA through the Leads Program. The population includes personal and business taxpayers as well as individuals associated with businesses that are the subject of allegations provided by tipsters.  It may include the taxpayer’s family members and business associates. 

F) Technology & privacy

Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?  

Risk to privacy: No

Does the new or modified program or activity require any modifications to IT legacy systems and/or services?

Risk to privacy: No

The new or modified program or activity involves the implementation of one or more of the following technologies:

Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc...) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).  

Risk to privacy: No

Details: n/a

Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices , RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc. 

Risk to privacy: No

Details: n/a

Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

Risk to privacy: Yes

Details:

Once the lead information has been captured, internal tools and systems are used to triage the information to determine whether the allegation has merit; refer to the following CRA personal information banks (PIBs):

• Individual Returns and Payment Processing PPU 005
• Corporate Returns and Payment Processing PPU 047
• Collections CRA PPU 050
• Non-Filer Compliance PPU 025
• Detection and Investigations PPU 095

Access to CRA systems is done on a need-to-know basis and is monitored through the use of computer logs by Internal Affairs.  

G) Personal information transmission

The personal information is used in a system that has connections to at least one other system.  

Level of risk to privacy: 2

H) Risk impact to the individual or employee

Details:

The Leads Program follows the Storage, Disposal, Transmittal and Transport of Protected and Classified Information and Assets Directive as set out by the CRAs Finance and Administration Branch. In the Directive, “Protected B” is defined as information that, if compromised, could cause significant injury to an individual, an organization, or the CRA whereas “Protected C” is defined as information that, if compromised, could cause extremely serious injury, such as loss of life or extremely significant financial losses (financial losses greater than $10 million), to an individual, an organization or the CRA. “Classified” is defined as information that, if compromised, could cause injury (Confidential), significant injury (Secret), or extremely serious injury (Top Secret) to the national interest. The Leads Program follows this security classification to ensure information is appropriately safeguarded.

The majority of information that the program receives can be carefully safeguarded as Protected B; in cases where the tipster expresses fear for their physical safety due to submitting their lead, the program will safeguard this information as Protected C, based on Security Requirements for Handling Protected CRA Information – Finance and Administration Manual. These are often abstract concepts to assess, as every lead file is different; the Leads Program offers training and practical examples to the NLC to assist in making an informed determination of security level at intake.