Specialty Business Returns Program

Privacy Impact Assessment (PIA) summary – Specialty Business Returns Program
Business Returns Directorate, Assessment, Benefit, and Service Branch

Overview & PIA Initiation

Government institution

Canada Revenue Agency (CRA)

Government official responsible for the privacy impact assessment (PIA)

Frank Vermaeten,
Assistant Commissioner,
Assessment, Benefit, and Service Branch

Head of the government institution or Delegate for section 10 of the Privacy Act

Marie-Claude Juneau,
Director of the Access to Information Directorate,
Public Affairs Branch

Name of program or activity of the government institution

Tax Services and Processing

Summary of the project / initiative / change

Overview of the program or activity
The Specialty Business Returns program includes the administration of a variety of taxes and charges that are outside of the scope of income tax and goods and services tax (GST). The six main lines of business are:

1.    RE - Excise taxes:

Levy return
The Levy return is used to report the information and revenue data for clients who are endorsed to collect levies applied to commodities such as:

Imposed under Parts II to VII (the non-GST/HST portion) of the Excise Tax Act.

2.    RN – Excise taxes:
B241 - Broker return
The Broker return is used to report the number of insurees for whom the broker has obtained policies. These policies must have been obtained through a company whose home office is outside of Canada. The Broker return is an information return only.

B243 - Insuree return
The Insuree return is used to report the tax charged on insurance policies obtained by individuals from a company who act as agents or sell insurance policies from foreign insurance businesses.

Imposed under Parts I of the Excise Tax Act.

3.    RD - Excise duty:

RD -Duty accounts:
The Duty return is used to report the information, revenue and inventory data for clients who are endorsed to produce, package, or warehouse wine, spirits, tobacco products and for Duty Free Shop. Excise duty is a manufacturing/production tax and is not associated with the duty collected when you cross the border.

Imposed under the Excise Act, 2001.

RD - Excise duty:
Beer is also a Duty return but imposed under the Excise Act.

4.     RG - Air travellers security charge:
Imposes a security charge on Domestic, Trans-border and International enplanements.

Paid by the travellers to the registered air carrier who remits the charge to CRA.

Effective April 1, 2002, the Federal Government introduced an Air travellers security charge to fund air security expenses. This charge will be paid by air travellers and will be collected by air carriers or their agents when the airline ticket is purchased or when boarding an airplane at a listed airport in Canada. The rates and listed airports can be located on CRA webpage.

The B249, Air travellers security charge Return is filed by all RG participants.

Imposed under the Air travellers Security Charge Act.

5.    SL - Softwood Lumber products export charge:

Imposes an export charge on Softwood Lumber products exported to the USA

Paid by the exporter of record who remits the charge to CRA

Imposed under the Softwood Lumber products export charge Act, 2006.

6.     RZ - T5013 – Partnership Information Return

A partnership can be formed between individuals, corporations, trusts, or other partnerships, in any combination. A partnership is usually the relationship between persons who carry on a business in common with the belief they will make a profit. You can have a partnership without a written agreement. Each partner files an income tax return to report his or her share of the partnership's net income or loss.

The partnership information return is used to report any fiscal data about the allocation of net income, losses and other amounts from the partnership's activities to its members. It is also used by specified investment flow through (SIFT) partnerships to calculate the tax payable under Part IX.1.

The partnership itself receives a Business Number (BN), not each partner.

Imposed under the Income Tax Act (ITA).

Additional information concerning the specialty business returns program is available on the CRA’s website at:

Excise taxes, duties and levies

T5013 Partnership Information Return filing requirements

Scope of the privacy impact assessment

The scope of this privacy impact assessment (PIA) covers the assessment of returns, rebates and refund applications, elections, and registration of businesses associated with the Specialty Business Returns program.

Certain compliance activities such as audits and criminal investigations are separate programs and therefore are not included.

Activities related specialty returns are constantly changing. Therefore, when a new initiative or a change to an existing activity is identified, this PIA will be reviewed and updated accordingly.

Description of the class of record and personal information bank

Standard or institution specific class of record: Title and record number: CRA ABSB 228

Standard or institution specific personal information bank: CRA PPU 224

Legal authority for program or activity

Personal information is collected pursuant to section 150 and section 220 of the Income Tax Act, subsection 229(1) of the Income Tax Regulations under the authority of Section 221 of the Income Tax Act, subsections 5(2) and 5(3) of the Excise Tax Act, section 78 of the Excise Tax Act, section 36 of the Excise Act, section 160 and 161 of the Excise Act, 2001, section 17 of the Air Travellers Security Charge Act, and section 26 of the Softwood Lumber Products Export Charge Act, 2006.

Risk identification and categorization

1) Type of program or activity

Administration of Programs / Activity and Services

Level of risk to privacy: 2

Details: The personal information collected is used for the administration of the activities related to Specialty Business Returns (e.g. identification purposes, processing returns, refunds and rebates, elections, and providing support to clients) in order to assess Excise Duty, Excise Tax, ATSC, Softwood Lumber, and T5013 Partnership returns, refunds, and rebates.

All Specialty Business returns, refunds and rebates, may be subject to audits’ selection criteria.

2) Type of personal information involved and context
Social Insurance Number (SIN), medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.

Level of risk to privacy:

Details: Personal information collected can include the following: name, contact information, financial information, social insurance number, and signature. Personal information collected from taxpayers can include the following: name, contact information, SIN and signature.

3) Program or activity partners and private sector involvement

With other or a combination of federal/ provincial and/or municipal government(s)

Level of risk to privacy: 4

Details: Specialty Business Returns program information is shared with business and individual tax program processing systems and applications across various branches and divisions of the CRA, as well as provincial partners. Data is cross referenced between programs on a need to know basis for program administration and enforcement purposes. Ultimately, the purpose is to encourage full disclosure of business activity, and encourage compliance with all program reporting and remitting requirements. All paper copies of returns, refunds and rebates are stored by a third party (Iron Mountain) for the duration of their retention period.

4) Duration of the program or activity

Long-term program

Level of risk to privacy: 3
Details: The Specialty Business Returns program is an existing long-term program with no anticipated sunset date.

5) Program population

The program affects certain individuals for external administrative purposes.

Level of risk to privacy: 3

Details: The Specialty business returns program affects businesses and certain individuals, who have filed a return, rebate, or elections related to the Specialty Business Returns program. Individuals that are affected file XE8 refund applications based on the type of claiming ‘Individual with permanent mobility impairment’. We also collect the information from insured individual, on the Excise tax return (B243), which can include name, telephone number and signature. Personal Information is also collected on the T5013 SCH 50 for Individuals who are listed as partners on the T5013 return (SIN and Name). Personal information is also collected from individuals who file return, refund, and rebate applications on behalf of business that they represent. Including, Excise Duty, Excise Tax, ATSC, Softwood Lumber accounts.

6) Technology & privacy

Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

Risk to privacy: No

Is the new or modified program or activity require any modifications to IT legacy systems and/or services?

Risk to privacy: No
The new or modified program or activity involves the implementation of one or more of the following technologies:

Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc...) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).

Risk to privacy: No


Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices , RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc.

Risk to privacy: No


Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

Risk to privacy: Yes

Details: SBR has a system functionality that will link with the T1 system to confirm if a social insurance number (SIN) provided on the T5013 return - SCH 50, is a valid SIN as well the system will confirm if the SIN provided is of a deceased taxpayer. The functionality will not confirm the SIN against the taxpayer, it will only validate if the SIN is a valid number.

When an SBR return is captured in the Other Levies System (OLS), there is a call to the Business Number System (BNS) to verify that the Business Number (BN) is valid. If the BN is not valid, a warning message will display in OLS.

7) Personal information transmission

Level of risk to privacy: 4

Details: Information received from taxpayers via hard copies is data captured directly into the Other Levies System (OLS).

T5013 Partnership Information Returns can be submitted to CRA via My Business Account (MyBA), Represent a Client (RAC), or Internet File Transfer after receiving a Web access code. Information is transferred to the OLS via a secure connection.

Some headquarters staff have access to the mainframe on laptops encrypted with Secure Remote Access (SRA).

The OLS is a part of the Business suite which includes the following systems: Standardized accounting (SA), Business client communication system (BCCS), Business Number System (BNS), etc… Certain personal information that is collected for the SBR program, and is captured in the OLS is shared with the other systems in the business suite.

8) Risk impact to the institution

Details: Protecting privacy and confidentiality are paramount to the CRA administration of the Specialty Business Return program. A breach on either side - either the tax filers’ personal information or certain aspects of the program’s business rules and operating procedure - could negatively affect the Agency’s strategic outcome to ensure taxpayers meet their obligations and Canada’s revenue base is protected. Negative media attention and decreased public confidence can influence compliance behaviour.

9) Risk impact to the individual or employee

Details: There could be a significant risk of financial harm to the individual should there be a breach of personal information.


Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: