Scientific Research and Experimental Development Program

Scientific Research and Experimental Development Directorate,
Domestic Compliance Programs Branch

Overview & PIA Initiation

Government institution
Canada Revenue Agency

Government official responsible for the PIA
Anne-Marie Lévesque
Assistant Commissioner, Domestic Compliance Programs Branch

Head of the government institution or Delegate for section 10 of the Privacy Act
Marie-Claude Juneau
ATIP Coordinator

Name of program or activity of the government institution
Scientific Research and Experimental Development

Description of the class of record and personal information bank
Standard or institution specific class of record:
Scientific Research and Experimental Development (CRA DCPB 155)

Standard or institution specific personal information bank:
Scientific Research and Experimental Development (CRA PPU 441)

Legal authority for program or activity
Section 37 of the Income Tax Act sets out the framework for the SR&ED Program. Section 162 of the Act allows additional information to be collected and a penalty to be applied when taxpayers do not file or give certain information. Section 237 of the Act deals with collecting social insurance numbers.

Summary of the project / initiative / change

The CRA is committed to administering the Scientific Research and Experimental Development (SR&ED) program with fiscal integrity and to making sure businesses are aware of the program and can easily access it. It is important that the CRA apply the legislation correctly, consistently, and fairly so that claimants receive all that they qualify for under the program. In continuing to enhance delivery of the program, four new services / processes were implemented as described below.

Pre-claim consultation (PCC)
The Pre-Claim Consultation is a free on-demand service that potential claimants can use to find out whether their work qualifies for scientific research and experimental development (SR&ED) tax incentives before they submit an SR&ED claim.

Pre-Claim Review (PCR)
The Pre-Claim Review is a free, on-demand review. It gives businesses a determination on how much of their research and development (R&D) work is eligible and what expenditures qualify for the SR&ED tax incentives, before they file their claim.

Self-Assessment and Learning Tool (SALT)
The Self-Assessment and Learning Tool is an online self-assessment tool to help claimants better understand the eligibility requirements of the SR&ED program.

Administrative Review (AR)

The CRA is committed to providing fair treatment to all claimants of the SR&ED Program. In instances where a claimant does not agree with the findings of the review of their SR&ED claim, or if they have any concerns with how the review was conducted, they can submit a request for an administrative review. This process ensures the fair and timely addressing of claimants’ concerns.

Risk identification and categorization

A) Type of program or activity
Compliance / Regulatory investigations and enforcement 
Level of risk to privacy: 3
Details: The personal information collected is used to decide the overall risk of not complying with the Act. It is also used to administer the program. The taxpayer and the claim preparer could be charged a penalty if certain required information is incomplete, inaccurate, or missing.

B) Type of personal information involved and context
Social Insurance Number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.
Level of risk to privacy: 3
Details: Form T661 asks for the following personal information:

The personal information collected on Form T661 and on forms T2SCH31, T2038 (IND), T1174, T1145, T1146, and T1263 falls within the definition of taxpayer information or confidential information. Therefore, it has to comply with the confidentiality provisions in section 241 of the Income Tax Act.

The social insurance number is collected when Form T661 is filled out by an individual not making a claim as a corporation (for example, a sole proprietorship). It is also collected when the claim is by a partnership the partners of which are individuals who do not have a business number. Depending on the type of partnership, its members may not have to file a Form T661 with their individual return. But, they can claim their share of the partnership’s tax credits. The social insurance number serves as a link from the partnership return to the tax return of the partner when the partner is an individual who does not file a Form T661.

Along with the above documents that have to be sent in when filing an SR&ED claim, the SR&ED Program may collect the same types of personal information that is in the supporting documents outlined in Appendix 2 of Guide T4088, Scientific Research and Experimental Development (SR&ED).

The SR&ED Program also collects personal information (that is, name, phone number, and email address) of individuals registering for online webinars and in-person information sessions, Pre-Claim Consultation Requests (PCC) and Pre-Claim Review Requests (PCR). For Administrative Reviews (AR), personal information is also collected (that is, name, business number (in the case of sole proprietorships), address, phone number, contact name, and signature). The SR&ED Self-Assessment and Learning Tool (SALT) does not collect any personal information as stated on the first page of the online SALT form.   

C) Program or activity partners and private sector involvement
Private sector organizations or international organizations or foreign governments
Level of risk to privacy: 4
Details: SR&ED program information may be shared with other federal government institutions in line with the income tax legislation. These institutions include the Department of Finance Canada (Tax Data – Evaluation and Formulation of Fiscal Policy) and Statistics Canada (statistical data). Information may also be shared with provincial government institutions in line with the memorandums of understanding that the CRA has with the provinces for administering the provincial R&D tax credits. In addition, program information is provided to Recall, a private-sector organization, in line with Contract 5500000790 between the CRA and Mobilshred Inc., operating as Recall for document transport and storage.

The CRA did a privacy protocol assessment related to Recall. It met with the Office of the Privacy Commissioner on October 6, 2011, and April 3, 2012. The CRA provided all documents (including the Request for Proposal contract with privacy clauses) to the Office of the Privacy Commissioner at these meetings.

D) Duration of the program or activity
Long-term program

Level of risk to privacy: 3
Details: The SR&ED Program has been in place since 1986. It is a long-term program with no end in sight.

E) Program population
The program affects certain individuals for external administrative purposes.
Level of risk to privacy: 3
Details: The requirements for collecting personal information under the SR&ED Program apply to all SR&ED claimants and individuals involved in the projects being claimed. That said, there is a slight variation between what personal information is required if the claim is made by a corporation as opposed to by an individual. Each year, about 20,000 T2 SR&ED claims are filed and about 4,500 T1 SR&ED claims are filed.

Since January 1, 2014, all SR&ED claimants who use a claim preparer to complete their claim have to provide additional information about the preparer.

F) Technology & privacy
Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?
Risk to privacy: No

Does the new or modified program or activity require any modifications to IT legacy systems and/or services?
Risk to privacy: No

The new or modified program or activity involves the implementation of one or more of the following technologies:

Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc...) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).
Risk to privacy: No
Details: N/A

Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices , RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc.
Risk to privacy: No
Details: N/A

Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.
Risk to privacy: Yes
Details: The Business Intelligence and Risk Management Division, within the Business Intelligence and Corporate Management Directorate of the International, Large Business and Investigations Branch, is responsible for providing support services to the SR&ED Program. This includes acquiring and maintaining high-quality data, business intelligence, business analytics, and risk assessment services. As a result, the Business Intelligence and Compliance Risk Analysis privacy impact assessment covers most of the automated personal information analysis, personal information matching, and knowledge discovery techniques as they relate to the SR&ED Program.

In addition, the SR&ED Program does further analysis for file selection and business intelligence.

G) Personal information transmission
The personal information is used in a system that has connections to at least one other system.
Level of risk to privacy: 2
Details: The information on Form T661 and on forms T2SCH31, T2038(IND), T1174, T1145, T1146, and T1263 is considered to be part of the tax return (whether T1, T2, or T3). As a result, all controls that the CRA has in place for tax returns apply. SR&ED claims are received and processed by the tax centres. Eighty percent of all SR&ED claims are filed electronically, and the information on these forms is automatically loaded onto the mainframe (CORTAX). The remaining 20% of claims are entered manually at the tax centres. T2 SR&ED claims have to go through an initial risk assessment at the tax centres using an automated risk management tool and then have AIMS cases created automatically. T1 claims above a certain dollar amount threshold, claims for partnerships, and T3s are sent directly to the tax services offices for manual screening. The information in CORTAX is accessed by tax centre assessors dealing with the SR&ED Program, and the assessor looks only at whether the information on the form is complete, not whether it is correct. A preliminary risk assessment determines whether the T2 claim should be accepted as filed or sent to the tax services office for further review. This determination is automated, using the SR&ED risk management tool. The assessor does not have to provide any input. About 40% of the claims sent to the tax centres are accepted as filed based on the automated preliminary risk assessment. In addition, SR&ED staff in field offices access CORTAX to get information from Form T661, so they can do more detailed risk assessments and technical and financial reviews (audit actions) on the claims. These are recorded and stored in AIMS.

H) Risk impact to the individual or employee
Details: If an individual’s personal information is compromised, it could cause financial harm to him or her.

I) Risk impact to the institution
Details: If this information is accidentally or deliberately disclosed or compromised, it could reasonably be expected to cause the CRA to be embarrassed and to lose credibility and the public’s trust.


Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: