Foreign Income Verification Statement (Form T1135)

Privacy Impact Assessment (PIA) summary - International and Large Business Directorate, Compliance Programs Branch

Overview & PIA Initiation

Government institution

Canada Revenue Agency

Government official responsible for the PIA

Richard Montroy
A/ Assistant Commissioner, Compliance Programs Branch

Head of the government institution or Delegate for section 10 of the Privacy Act

Marie-Claude Juneau
ATIP Coordinator

Name of program or activity of the government institution

Reporting Compliance - International and Large Business

Description of the class of record and personal information bank

Standard or institution specific class of record:
International and Large Business Income Tax Audits and Examination (CRA ILBIB 415)

Standard or institution specific personal information bank:
Tax Avoidance Cases (CRA PPU 035)

Legal authority for program or activity

Section 233.3(3) requires a prescribed form, for which we have the T1135, which requires reporting of specified foreign property held during the year.

The CRA administers the tax provisions contained in the Income Tax Act (ITA).

Summary of the project / initiative / change

The T1135, Foreign Income Verification Statement, filed by Canadian resident taxpayers who held specified foreign property during the year, will be expanded to include additional fields for new information, and as a result, additional data capture will be required for inclusion in the stand-alone Foreign Reporting Requirements Management System (FRRMS).

Risk identification and categorization

A) Type of program or activity

The information will be used for assessing the risk of non-compliance with certain provisions of the Income Tax Act, including sections 3, 9, 94, 94.1 and 94.2. It will result in auditing the income tax returns and reviewing foreign reporting information returns of certain identified taxpayers.

Level of risk to privacy: 3

B) Type of personal information involved and context

Forms will collect social insurance numbers, business numbers, or other tax identification numbers, as well as detailed financial information.

Level of risk to privacy: 3

C) Program or activity partners and private sector involvement

The CRA will handle this program without involvement from other institutions.

Level of risk to privacy: 1

D) Duration of the program or activity

The project does not have an anticipated sunset date. It is expected to become part of the on-going workload of the Compliance Programs Branch of the CRA to ensure compliance with the ITA.

Level of risk to privacy: 3

E) Program population

Only a small percentage of Canadian residents would be affected by the audit program and additional reporting requirements.

Level of risk to privacy: 3

F) Technology & privacy

The Foreign Reporting Requirements Management System (FRRMS) is being redesigned to improve its functionality and to allow the capture of the additional information now requested on the T1135. As a second phase, the FRRMS will be upgraded based on the CRA standard IT architecture in order to accept electronically filed T1135 forms for individuals commencing February 2015.

The CRA will perform automated risk assessment analyses, including personal information matching, record linkage, information filtering, and analysis.

G) Personal information transmission

Information is recorded in the FRRMS in a web-based local java application which resides under the Technology Support Division of Compliance Programs Branch Portal environment and may be accessed internally by CRA employees on a need to know basis. Information may also be printed, but it cannot be exported or copied electronically. FRRMS macro level (non-taxpayer specific) data concerning the T1135 is encrypted and transmitted to Finance Canada through File Transfer Protocol. No FRRMS data concerning the T1135 is transmitted to Statistics Canada. Information may be disclosed concerning the T1135 on a case-by-case and need-to-know basis to the province of Quebec (individual and corporate taxpayers) and the province of Alberta (corporate taxpayers only) by way of disclosure by a CRA official to alert of an assessment that results in a tax liability by virtue of the existing MOUs for purposes of tax administration.

Level of risk to privacy: 2

H) Risk impact to the individual or employee

Taxpayers are required by law to disclose their financial information where the ITA mandates it, and hence could suffer most of the above elements if their private financial information became public through data loss or misplacement.

Level of risk to privacy: up to 3

I) Risk impact to the institution

If the confidential information from FRRMS were lost, misplaced, or inadvertently leaked to the media or to external individuals in a position to benefit from the data or to cause harm with it, there would be severe damage to the reputation of CRA.

Level of risk to privacy: up to 4