Monitoring of Electronic Access to Taxpayer Information v3.0
Security Branch
Security Services Directorate
On this page
- Overview & Privacy Impact Assessment Initiation (PIA)
- Summary of the project, initiative or change
- Risk identification and categorization
Overview & Privacy Impact Assessment (PIA) Initiation
Government institution
Canada Revenue Agency
Government official responsible for the PIA
Harry Gill
Assistant Commissioner and Agency Security Officer
Security Branch
Head of the government institution or Delegate for section 10 of the Privacy Act
Steven Morgan
Director General
Access to Information and Privacy Directorate
Name of program or activity of the government institution
Travel and Other Administrative Services
Standard or institution specific class of record:
Security
PRN 931
Standard or institution specific personal information bank:
Monitoring of Electronic Access to Taxpayer Information
CRA PPU 718
TBS Registration Number: 20180024
Legal authority for program or activity
Personal information collected, used, disclosed and stored by the Agency is governed by the following legislation:
- Paragraphs 30(1)(a) and (d) of the Canada Revenue Agency Act
- Paragraphs 51(1) (f), (g) and (i) of the Canada Revenue Agency Act
- Section 220 of the Income Tax Act
- Section 237 of the Income Tax Act
- Subsection 241(1) of the Income Tax Act
- Section 241(4)(h) of the Income Tax Act
- Sections 8 of the Excise Act 2001
- Section 275 of the Excise Tax Act
- Subsection 295(2) of the Excise Tax Act
- Paragraph 295(5)(g) of the Excise Tax Act
- Section 19 of the Softwood Lumber Products Exports Charge Act
- Subsection 84(2) of the Softwood Lumber Products Exports Charge Act
- Section 10 of the Children’s Special Allowances Act
- Section 11 of the Children’s Special Allowances Act
Summary of the project, initiative or change
Overview of the Program or Activity
As part of the Canada Revenue Agency’s (CRA) Integrity Framework, the Security Services Directorate of the Security Branch serves to enhance CRA’s ability to prevent, monitor, detect, and manage breaches of integrity.
The program mandated to address misuse is the Monitoring of Electronic Access to Taxpayer Information which provides the Agency with a centralized and consistent approach to the administration, analysis, and reporting of monitoring of employee electronic accesses to taxpayer and other similar information.
Any Agency system processing taxpayer information must capture or record user activities of all employee accesses to taxpayer information in order to support the requirements specified in the Acts and Regulations administered by the CRA.
The Monitoring of Electronic Access to Taxpayer Information leverages tools to support the detection and management of fraud and unauthorized accesses on its systems. One of the tools’ main solutions has considerably changed the manner in which the end-user activities are monitored within CRA. Using business intelligence, the solution enables the proactive identification of questionable user activities, using detection models and data matching, along with increased ability to perform trend and pattern analysis, provide reports, and other responses to enquiries that sustain modern risk management. The solution uses information about the employee for more effective and accurate detection functions, as well as for creating cases in the case management functionality. Personal information will be used behind the scenes for data matching purposes. Other information will be used in the case management component of the solution.
What’s New
The Agency is leveraging a system, the main engine for the management of accounts within existing solutions, to ensure that all accounts are created in accordance with security requirements and are linked to an individual. Any account created outside the system will be detected as an anomaly and reported as a rogue account for remediation. The system has the capacity to disable/delete accounts of users based on various conditions and triggers.
Since 2017, the Monitoring of Electronic Access to Taxpayer Information has been using the main solution to support the detection and management of fraud and unauthorized accesses on CRA systems. It is recognized as a critical asset when user actions to CRA systems are involved. In order to assist in identifying the possibility of collusion or corruption, the Monitoring of Electronic Access to Taxpayer Information requires investigative tools to be able to analyse and identify linkages between potential fraudsters that will not be apparent in user transactions on CRA systems. Employees involved with the Monitoring of Electronic Access to Taxpayer Information were provided access to a product that would assist in detecting risks of collusion and corruption as a compliment to the main solution’s capacity to flag user actions that appear suspicious. By collecting and organizing information, and mapping relationships and commonalities between individuals flagged by the solution, items can be more easily identified, more effectively confirming the possibility of CRA systems misuse or not.
The product’s data would assist the analysis of information generated by the main solution. It leverages advanced technology that will:
- Utilize advanced identity and relationship resolution software technology to expose and visualize the intricate webs of relationships and linkages that form a network of interest;
- Integrate external and internal data in ways that have never been done before; and
- Provide headquarters business researchers and analysts control over the risk assessment environment by providing them with the capability to modify existing risk algorithms and implement new ones.
New sources of personal information
The Monitoring of Electronic Access to Taxpayer Information may also leverage the product in situations where allegations of employee misconduct have been brought forth through a mechanism other than the main solution, for example, allegations sent by management, anonymous tips, information from law enforcement agencies or other government departments, etc.
In addition, a data and analysis team was created to leverage the use of data analytics and business intelligence based on known cases of attempted fraud, previous allegations, and inappropriate behaviour which will assist to uncover new methods of detecting the risk of internal fraud. BI reports that highlight anomalies may also leverage the use of the product to look at relationships in the identified pattern or trend.
Scope of the Privacy Impact Assessment
The PIA approach adopted by the Treasury Board Secretariat (TBS) is iterative in nature and advises that PIA updates should be undertaken at various milestones throughout a project's development life cycle. The methodology and approach outlined in the TBS’ Directive on Privacy Impact Assessment, and in the Office of the Privacy Commissioner’s Expectations: A Guide for Submitting Privacy Impact Assessments to the Office of the Privacy Commissioner of Canada, were used as the basis for this document.
This PIA focuses on the monitoring of employee electronic accesses to taxpayer and other similar information through the main solution and other tools.
Completion of this PIA involved:
- Meetings with the CRA representatives.
- Review of TBS publications such as CRA’s submission to Information about Programs and Information Holdings (formerly Info Source)
- Review of legislation and policies pertaining to CRA’s programs; and
- Review of process documents pertaining to the Monitoring of Electronic Access to Taxpayer Information and the implementation of the main solution.
Out of scope of the privacy impact assessment
- The investigations into allegations of employee misconduct that may be carried out by the Agency’s Investigations Program is not addressed in this PIA;
- Where fraudulent actions contravene the Criminal Code of Canada or the Financial Administration Act, other corrective measures may be taken by the Agency leading to criminal investigations and prosecution by other investigative bodies (i.e. RCMP). While the potential outcomes of these cases will be referred by CRA for investigation purposes, the actual investigations themselves are considered to be out of scope of this PIA; and
- The Agency provides Revenu Québec (RQ) with the transactions/accesses made by their employees to CRA systems but no other information is added, and no detection models are applied on these transactions. RQ is responsible to monitor the accesses made by their employees to CRA systems. For this reason, the monitoring of employee accesses to taxpayer and other similar information by RQ is considered to be out of scope of this PIA.
Risk identification and categorization
A) Type of program or activity
Compliance / Regulatory investigations and enforcement
Level of risk to privacy: 3
Details:
administration of its tax and benefit programs. Any Agency system processing taxpayer information must capture or record user activities. These records must determine who has accessed taxpayer information on any Agency system during a given period of time and what was accessed.
The Monitoring of Electronic Access to Taxpayer Information program ensures that accesses to taxpayer information are in accordance with an employee’s workload and duties, and to detect possible unauthorized and suspicious activities.
CRA policies and directives determine the Agency’s approach to managing the risk of internal fraud and misuse, and establishes effective measures for preventing and detecting internal fraud and unauthorized access where applicable. This may include corrective measures which, result in disciplinary action against an employee where an act of fraud has been committed (e.g., termination of employment). The solution enables the proactive identification of questionable user activities in CRA systems using business intelligence, detection models and data matching, along with increased ability to perform trend and pattern analysis, provide reports, and other responses to enquiries that sustain risk management and allow the Monitoring of Electronic Access to Taxpayer Information Program to identify unauthorized access, potential fraud or misuse. The product tool’s role in the context of the solution is to collect and organize information from different internal and external databases. Among other things it maps relationships and commonalities between individuals. These links can help determine whether an alert, generated by the solution, actually has merit for further analysis.
In some cases, where fraudulent actions contravene the Criminal Code of Canada or the Financial Administration Act, other corrective measures may be taken by the Agency leading to criminal investigations and prosecution by other investigative bodies (i.e., RCMP). While the potential outcomes of these cases will be referred by CRA for investigation purposes, the actual investigations themselves are considered to be out of scope of this PIA.
B) Type of personal information involved and context
Social insurance number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.
Level of risk to privacy: 3
Details:
It is necessary to maintain a record of all accesses to taxpayer and other similar information to support the requirements specified in the Acts and Regulations that the Agency administers. In this regard, both employee and taxpayer and other similar information are collected.
Internal systems feed directly into the solution in order to detect and flag questionable activities.
C) Program or activity partners and private sector involvement
With other federal institutions
Level of risk to privacy: 2
Details:
The monitoring of electronic access to taxpayer and other similar information is an internal activity administered within CRA. However, supplemental information will be obtained from systems owned by the Public Services and Procurement Canada.
D) Duration of the program or activity
Long-term program
Level of risk to privacy: 3
Details:
The monitoring of electronic access to taxpayer and other similar information is an ongoing Agency activity with no expected sunset date.
E) Program population
The program affects certain employees for internal administrative purposes.
Level of risk to privacy: 1
Details:
The monitoring of employee electronic accesses to taxpayer and other similar information is conducted in order to ensure that accesses were in accordance with their workload and duties. The program will only impact those employees with electronic access to taxpayer and other similar information.
F) Technology & privacy
- Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?
Risk to privacy: No - Does the new or modified program or activity require any modifications to IT legacy systems and/or services?
Risk to privacy: No - Does the new or modified program or activity involve the implementation of one or more of the following technologies?
Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc.) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).
Risk to privacy: No
Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance/interception, computer aided monitoring including audit trails, satellite surveillance etc.
Risk to privacy: Yes
Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.
Risk to privacy: Yes
G) Personal information transmission
The personal information is transferred to a portable device or is printed.
Level of risk to privacy: 3
Details:
The solution data is comprised of the live capture of CRA network traffic from applications and supplemental data through file transfer processes.
The solution considerably changes the manner in which CRA’s personnel involved in the Monitoring of Electronic Access to Taxpayer Information identify and analyze questionable end-user activities. The solution enables the proactive identification of questionable user activities using business intelligence, such as detection models and data matching, along with increased ability to perform trend and pattern analysis, provide reports (electronically with the possibility to print), and other responses to enquiries that sustain modern risk management.
H) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee
Details:
The sensitivity of information utilized through the Monitoring of Electronic Access to Taxpayer Information Program is considered Protected B. Unauthorized use or disclosure of this information could result in loss of privacy, severe personal financial injury and or embarrassment to the employee and/or the taxpayer.
Page details
- Date modified: