T3 Trust Returns Assessing v 2.0 - Privacy impact assessment summary
Individual Returns Directorate
Assessment, Benefit, and Service Branch
Overview & PIA initiation
Government institution
Canada Revenue Agency
Government official responsible for the PIA
Frank Vermaeten
Assistant Commissioner
Assessment, Benefit, and Service Branch (ABSB)
Head of the government institution or Delegate for section 10 of the Privacy Act
Marie-Claude Juneau
Director
Access to Information and Privacy Directorate
Name of program or activity of the government institution
T3 Trust Returns Assessing
Description of the class of record and personal information bank
Standard or institution specific class of record:
T3 Initial Assessment and Reassessment program
CRA ABSB 139
Standard or institution specific personal information bank:
T3 Assessment program
TBS registration: 003536
Personal Information Bank Number : CRA PPU 015
Legal authority for program or activity
Personal information is collected under the authority of section 150 and section 220 of the Income Tax Act. The Social Insurance Number is collected pursuant to 248(1) definition of graduated rate estate (c) of the Income Tax Act and is used for identification purposes.
Summary of the project / initiative / change
What is a trust?
A trust is a binding obligation, voluntarily undertaken, but enforceable by law when undertaken, created orally or by written instrument or by a court order or statute whereby the responsibility for the property real and/or personal is taken on by the trustee for the benefit of a person or persons on the instructions of the settlor, court or statute. The Trustee who has management and control of the trust, although not having physical possession of the trust assets, will be the person who has most or all of the following powers or responsibilities:
- control over changes in the trust's investment portfolio,
- responsibility for the management of any business or property owned by the trusts,
- responsibility for any banking, and financing, arrangements for the trust,
- control over any other trust assets,
- ultimate responsibility for preparation of the trust accounts and reporting to the beneficiaries of the trust, and
- power to contract with and deal with trust advisors (for example, auditors and lawyers).
A trust is either a testamentary trust or an inter vivos trust. Each trust has different tax rules. A testamentary trust is a trust or estate that is generally created on and or as a result of the death of a person. The terms of the trust are established by the will or by the court order in relation to the deceased individual’s estate under provincial or territorial law. An inter vivos trust is a trust that is not a testamentary trust.
Types of trusts
- Alter ego
- Amateur athlete trust
- Bare
- Commercial
- Communal organization trust
- Employee
- Employee benefit plan trust
- Employee life and health (ELHT)
- Graduated rate estate
- Health and welfare Hepatitis C
- Indian residential school
- Insurance segregated fund
- Inter vivos
- Joint spousal or common-law partner
- Lifetime benefit trust
- Mutual fund Non-profit organization
- Nuclear Fuel Waste Act
- Personal
- Pooled registered pension plan
- Qualified disability trust (QDT)
- Qualified environmental trust (QET)
- Real estate investment trust (REIT)
- Retirement Compensation Arrangement (RCA)
- RRSP, RRIF, RDSP or RESP trust Salary deferral arrangement (SDA)
- Specified investment flow-through (SIFT)
- Spousal/common-law partner trust Tax-free savings account (TFSA)
- Testamentary
- Unit trust
A trust must file a return, and any related schedules and statements, if income from the trust property is subject to tax, and in the tax year the trust:
- has tax payable;
- is requested to file;
- is resident in Canada and has either disposed of, is deemed to have disposed of, a capital property, or has a taxable capital gain;
- is a non-resident throughout the year, and has a taxable capital gain or has disposed of taxable Canadian property;
- is a deemed resident trust;
- holds property that is subject to subsection 75(2) of the ITA;
- has provided a benefit of more than $100 to a beneficiary for upkeep, maintenance, or taxes for property maintained for the beneficiary’s use; or receives from the trust property any income, gain, or profit that is allocated to one or more beneficiaries, and the trust has: total income from all sources of more than $500; income of more than $100 allocated to any single beneficiary; made a distribution of capital to one or more beneficiaries; or allocated any portion of the income to a non-resident beneficiary.
The T3 return is filed as both an income tax return, which calculates tax liability, and an information return, which reports amounts allocated and designated to beneficiaries. A trust can also apply for a trust account number.
The T3 Trust Returns Assessing Program includes assessing and reassessing the following income tax trust returns: T3-RET, T3 ATH-IND, T3D, T3F, T3GR, T3M, T3P, T3PRP, T3QDT, T3RI, and T3S. This review checks whether all amounts on the return are supported by the required documents and verifies the accuracy of calculations of the amounts reported on the documents.
The program is also responsible for:
- Analyzing proposed and announced federal, provincial, and territorial legislative changes that affect the processing of T3 returns;
- Developing policies and procedures for T3's relating to identification, assessing and reassessing;
- Monitoring and reporting on T3 activities such as service standards and program results both internally to CRA and externally to other government departments;
- The (re)assessment of various T3 Trust Income Tax and Information Returns.
Additional information concerning Trust income tax is available on the CRA’s website at: canada.ca/en/services/taxes/income-tax/trust-income-tax.
What’s new
As a result of the tabling of a new provincial action plan on tax havens and aggressive tax planning, the CRA now shares with the Ministère des Finances du Québec (MFQ) the same data file we currently share with Revenu Québec (RQ). This additional data would provide them with tools to better analyse international taxation and tax planning questions, and announce eventual legislative adjustments on this matter. The data requested is:
- T3 – Statement of Trust Income Allocations and Designations: the information on the slips for trusts and beneficiaries residing in Quebec
- T3 – Summary of trust Income Allocations and Designations
- T3 RET – Trust Income Tax and Information Return
Scope of the privacy impact assessment
The scope of this privacy impact assessment includes those sections of the T3 (re)assessing program for resident and non-resident returns that fall within the above description, including the application of the 162(7) late filing penalty which is applied in those cases where the T3 return acts only as an information return.
Certain compliance activities such as identifying non-filers, audits and criminal investigations are separate programs and therefore are not included.
Risk identification and categorization
A) Type of program or activity
Administration of Programs / Activity and Services
Level of risk to privacy: 2
Details: Personal Information is used to determine a trust’s tax payable, penalties, interest, or refund, and is reflected on a notice of assessment or reassessment. Penalties include the application of the 162(7) late filing penalty which is applied at the assessing stage in those cases where the T3 return acts only as an information return. The 162(1) penalty is determined and applied at the accounting stage of the assessment. All other penalties related to trusts are determined by other compliance programs.
The information is also used for statistical analysis to enhance and improve services administered by the CRA.
B) Type of personal information involved and context
Social insurance number, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.
Level of risk to privacy: 3
Details: The personal information collected is used in the context of income tax assessments and reassessments including limited validations of these assessments. Most of this information fits into category 3 since it relates to an individual’s information from the return such as SIN, trust account number, date of birth, address, and financial information.
C) Program or activity partners and private sector involvement
Private sector organizations or international organizations or foreign governments
Level of risk to privacy: 4
Details: The exchange of taxpayer information mainly occurs between the T3 Trust Returns Assessing program and other CRA departments. The CRA also provides aggregate information for the purpose of validating tax collection under tax collection agreements with the provinces and territories. Aggregate information is also shared with provincial governments for the purpose of formulating or evaluating fiscal policy.
Additionally the CRA contracts a private sector organization for record storage. Lastly the T3 Trust Returns Assessing Program contracts other federal government departments for the printing of certain types of T3 (re)assessment notices.
D) Duration of the program or activity: Long-term program
Long-term program
Level of risk to privacy: 3
Details: This is a long-term core-CRA program with no clear sunset.
E) Program population
The program affects certain individuals for external administrative purposes.
Level of risk to privacy: 3
Details: The program affects individuals involved in a trust that files a return. This could include the settlor (the person setting up the trust), beneficiaries of a trust and trustees which can include an executor, administrator, assignee, receiver, custodian or liquidator who owns or controls property for some other person, and their representatives.
F) Technology & privacy
Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?
Risk to privacy: No
Details: N/A
Does the new or modified program or activity require any modifications to IT legacy systems and/or services?
Risk to privacy: No
Details: N/A
The new or modified program or activity involves the implementation of one or more of the following technologies:
Enhanced identification methods
This includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc...) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).
Risk to privacy: No
Details: N/A
Use of Surveillance
This includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices , RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc.
Risk to privacy: No
Details: The program does not involve the use of surveillance on the program population.
However, as part of CRA security program, CRA employees that will have access to personal taxpayer information will be monitored by the use of audit trails.
The audit trails are used to verify that only an authorized user accesses personal information and to ensure that access can be linked to specific individuals to support the investigation of suspected or alleged misuse.
Every time CRA employees log in on their computers, a notice pops up requiring employees to acknowledge that they are aware that all access to CRA networks is monitored and that access is on a need-to-know basis. This information is already described in the standard personal information bank Electronic Network Monitoring Logs PSU 905.
Use of automated personal information analysis, personal information matching and knowledge discovery techniques
For the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.
Risk to privacy: Yes
Details: The activities listed below involve various elements of personal information and a certain measure of automated technology:
- Record Linkage
- Identification information is linked with sub-ledger identification information.
- Information Reconciliation
- Personal information (financial information) stored on the ATS, OLINT, AutoIntcal, and Subledger is reconciled when the assessment process is finished. This is done on a weekly basis.
G) Personal information transmission
The personal information is transmitted using wireless technologies.
Level of risk to privacy: 4
Details: When the return is filed electronically (Internet File Transfer/Submit Docs), the personal information can be transmitted by the trust to the CRA using wireless or non-wireless technology. That information is then stored in various CRA systems and databases.
The personal information from paper-filed returns (mailed or faxed) is keyed into various CRA systems and databases.
The Personal information is pulled from the CRA’s mainframe system and sent to other Agency areas using file transfer protocol, often by means of Entrust encryption software. Limited amounts of personal information are also shared internally within CRA by means of wireless devices.
H) Risk impact to the individual or employee
Details: A compromise of personal data has the potential to cause financial harm such as identify theft or fraud and/or embarrassment to the individual.
Page details
- Date modified: