Offshore Tax Informant Program (OTIP) – Privacy impact assessment summary (previously entitled International Paid Informant Program)

International, Large Business and Investigations Branch
Offshore and Aggressive Tax Planning Directorate
Canada Revenue Agency

Overview & PIA Initiation

Government institution

Canada Revenue Agency

Government official responsible for the PIA

Ted Gallivan
Assistant Commissioner
International, Large Business and Investigations Branch

Head of the government institution or Delegate for section 10 of the Privacy Act

Marie-Claude Juneau
ATIP Coordinator

Name of program or activity of the government institution

International, Large Business and Investigations

Description of the class of record and personal information bank

Standard or institution specific class of record:
International and Large Business Income Tax Audits and Examination CRA ILBIB 415
Standard or institution specific personal information bank:
Offshore Tax Informant Program CRA PPU 411

Legal authority for program or activity

Subsection 220 (1) of the Income Tax Act:
“The Minister shall administer and enforce this Act and the Commissioner of Revenue may exercise all the powers and perform the duties of the Minister under this Act.”

Summary of the project / initiative / change

The 2013 Budget announced the CRA’s intention to launch an initiative to encourage individuals to provide relevant information to CRA identifying instances of international tax evasion and avoidance. Through the Offshore Tax Informant Program (OTIP), the CRA will enter into contracts with informants to provide financial rewards when the information that they provide to the CRA leads to the assessment and collection of significant additional taxes arising from international tax non-compliance. The program will be quite similar to the Informant Leads Program; however, it will target significant international tax avoidance and it will feature a financial reward.   

OTIP’s primary objective is to encourage the participation of the public in the identification of major international tax non-compliance. The program will do this by offering graduated incentive rewards of from 5% to 15% of the additional federal tax assessed and collected to individuals who come forward with credible information that leads directly to the assessment and collection of additional taxes in such cases. Among other requirements, there is a basic threshold; to qualify for reward the lead must result in the collection of $100,000 in additional taxes.

The initiative is similar to the existing Informant Leads program, but with a specific international focus and a contract-based incentive reward.

In terms of scope, this PIA is limited to the activities that relate to the collection of information from informants, the initial checks to assess the merits of the lead, whether they meet program criteria, the eligibility of the informant for reward, the development of recommendations for review by an Oversight Committee comprised of senior CRA managers, the initiation of contracts with informants, the monitoring of the progress of OTIP files through established CRA review processes, such as audits, non-filers and investigations, which may or may not culminate in (re)assessments, appeals, or collection activity.

Excluded from the scope of this PIA are established programs and activities such as audit, non-filers and investigations that conduct the detailed reviews of approved leads, except to the extent that particularly sensitive personal information collected in the context of the OTIP program, such as informant identity, is shared with these programs. In other words, OTIP-initiated reviews of taxpayer files will be processed in the same way as any other taxpayer file. Informant identity would only be disclosed to these programs in rare cases and in accordance with criteria that satisfy ITA s.241 and Privacy Act s. 8(2).

Risk identification and categorization

A) Type of program or activity

Criminal investigation and enforcement / National Security

Level of risk to privacy: 4


Information provided to the CRA in the context of this program is used to identify and follow up on instances of alleged tax non-compliance. Even among the small number of leads that meet all of the program criteria and qualify for reward payments, most will be treated as civil audits. While a small number of leads could be referred to the CRA criminal investigations programs, the OTIP program is intended to focus primarily on programs and activities that have administrative consequences. Nevertheless, the risk has been categorized at the highest level based on the possibility of criminal enforcement activity.

B) Type of personal information involved and context

Sensitive personal information, including detailed profiles, allegations or suspicions, biometrics, and/or the context surrounding the personal information is particularly sensitive

Level of risk to privacy: 4


Personal information about the alleged non-compliant taxpayer:  Most of the personal information about the alleged non-compliant taxpayer would probably fit into category 3 above since it is sensitive information that relates to assets, financial transactions, property, etc. However, a fraction of the personal information provided by an informant about the taxpayer could qualify as risk category 4 on the basis that it is essentially a suspicion or allegation about the taxpayer’s non-compliance conveyed to the CRA in confidence by another party. The unauthorized disclosure of such allegations or findings could cause harm to the taxpayer’s reputation.

Personal information about the informant: Information that identified or gave clues to the identity of the informant in the context of the OTIP could be extremely sensitive personal information, particularly in rare cases where the safety of the informant was at issue. In extremely rare cases, injury might include severe physical harm even loss of life.  

Personal information about others: Information provided by informants could include information about business associates, family members and friends of the subject taxpayer including information that could implicate them in the non-compliance and adversely affect reputations.

C) Program or activity partners and private sector involvement

Within the institution (amongst one or more programs within the same institution)

Level of risk to privacy: 1


Program activity will be largely confined to the OTIP employees. Information will be shared on a need-to-know basis with other program groups within the CRA, such as Audit, non-filers, and Criminal Investigations.

The initial analysis of leads will be conducted within Offshore and Aggressive Tax Planning Directorate (OATPD) by a small number of designated employees.  This analysis may involve consultations with subject matter experts, foreign investment auditors. These consultations will be done without sharing informant identity; however, the taxpayer identity may be shared in certain circumstances.

Each informant that provides a lead will be informed that the information provided may be used in any of the CRA programs and will not be limited to the OTIP. This will take into account issues related to notice, consent and PIB content.

Limited case file data will be packaged into a report/recommendation and provided to the senior Oversight Committee for approval/acceptance. This will not include the informant’s identity except in rare circumstances where the committee has a “need to know” to consider the case particulars. Acceptance by Oversight Committee triggers the OTIP to arrange a contract with the informant. Limited personal data related to informants in approved lead case files will be used for purposes of setting up a contract with informant. Case by case – involvement of Legal Services.

Limited information on approved lead case files may be routed for review/action by other CRA specialists. Case information will be routed to established CRA program divisions including but not limited to -- Non-filers, Voluntary Disclosure Program, Audit, and a small number to Criminal Investigations. Regardless of whether these review activities are organized within the OTIP or not, the program will not share information about informants except in extremely rare cases and in accordance with strict criteria that satisfy PA s.8 (2) and ITA s.241. The development of these criteria is currently in progress.  

All of the above-described activity is internal to the CRA.

D) Duration of the program or activity: Long-term program

Level of risk to privacy: 3


The OTIP will become a permanent continuing CRA program with no scheduled end date.

E) Program population

The program affects certain individuals for external administrative purposes.

Level of risk to privacy: 3


The program will affect a small number of taxpayers who are the subjects of the information provided to the CRA by informants under the OTIP program. The population will include personal and business taxpayers as well as individuals associated with businesses that are the subject of allegations provided by informants.  It may include the taxpayer’s family members and business associates. The population would also include the confidential informants who provide information to the CRA under the program and, in some cases, their representatives.

F) Technology & privacy

Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

Risk to privacy: No

Does the new or modified program or activity require any modifications to IT legacy systems and/or services?

Risk to privacy: No

The new or modified program or activity involves the implementation of one or more of the following technologies:

Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc...) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).

Risk to privacy: No

Details: n/a

Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices , RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc.

Risk to privacy: No

Details: n/a

Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

Risk to privacy: Yes


Once it has been determined that the basic program criteria have been satisfied and the lead is eligible for further consideration under the program, an official in the OTIP office will conduct more detailed analysis by comparing details about the alleged non-compliance provided by the informant to details and data related to the taxpayer in the CRA files and systems (PPU 005, PPU047, PPU 025, PPU 095, and PPU 205) as well as information available to the CRA in other public data sources. Authority for these activities is the same as the authority cited for the program, i.e., subsection 220(1) of the Income Tax Act and part IX of the Excise Tax Act.

Risk assessment tools that use aggregate data will be used. This information is restricted through the use of user identification, passwords and need-to-know. Access to mainframe information is monitored through the use of computer logs. The CRA would be using the systems and tools available to conduct checks and analysis on all taxpayer files to determine whether the lead should be rejected or referred to the Oversight Committee for contract, and subsequently to Audit, or to other areas within the CRA such as, Non-filers, Large File audit or Criminal Investigations.

G) Personal information transmission

The personal information is transferred to a portable device or is printed.

Level of risk to privacy: 3

Details: Based on the importance of protecting the identities of confidential informants, the program intends to collect information using mostly non-automated modes. Information will be transmitted within the CRA based on Security Requirements for Handling Protected CRA Information – Finance and Administration Manual. The CRA electronic data including data on the CRA tax files of the alleged non-compliant taxpayer and other aggregate risk assessment data will be analyzed and compared to verify and validate the information received from the informant.

H) Risk impact to the individual or employee

Details: Reputation harm, embarrassment, loss of credibility. Publicity about a failure by the CRA to manage sensitive personal information that had been provided voluntarily to the CRA in the context of the OTIP program would likely cause embarrassment to the institution and have an impact on overall credibility. It would likely also cause prospective informants to lose trust in the CRA. This would reduce their willingness to come forward with information, despite the prospect of a reward. In other words, it could impact the success of the program and the ability of the CRA to access a promising source of tax revenue. In a rare, worst-case scenario, an unauthorized disclosure of personal information could result in severe harm to a confidential informant.  If that happened because of a failure by the CRA to safeguard the information, and assuming that there was publicity, there would be decreased confidence by the public in the CRA’s ability to manage sensitive information. This would put the Minister and senior officials into the spotlight and cause embarrassment to the organization.

I) Risk impact to the institution

Details: Physical harm. While not all of the information received, used and transmitted internally will be information that could identify an informant in context, there remains a possibility that disclosure of such details could have very serious consequences such as serious injury to an informant, in rare cases possibly even death.

 It is expected that most of the information the program will receive can be carefully safeguarded as Protected B; in cases where an informant expresses fear for their physical safety or otherwise could be at risk of retribution (e.g. related to organized crime), the program will safeguard this information as Protected C, based on Security Requirements for Handling Protected CRA Information – Finance and Administration Manual.

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: