You are on page 1of 3

?

harbe Angus
~emb.er of Parliament / depute Immms-James Bay / Timmins-baie lttawa 00 Edifice La Promenade Building lttawa, Ontario
.1A OA6

~
James

ellTel: 613-992-2919 axlTelec: 613-995-0747 onstituency


I Circonscription

HOUSE OF COMMONS CHAMBRE DES COMMUNES

"
CA ADA

02 - 60 ave Wilson Ave "immins, Ontario


'4N 257

201 - 30 rue Second St Kirkland Lake, Ontario


P2N 1R1

el/Tel: 705-268-6464 axlTelec: 705-266-9125

TellTel. : 705-567-2747 Fax/Telec.: 705-567-5232

December 10th, 2013 The Honourable Kerry-Lynne D. Findlay, P.c., Q.c., M.P. Minister of National Revenue ih Floor 555 MacKenzie Avenue Ottawa ON KiA OL5

It is shocking to find out that that the Canada Revenue Agency, the agency in charge of the country's tax revenues, is incapable of telling Canadians the number of data breaches in that agency from 2002-2012 because they quite simply don't know themselves. We attach the response from Canada Revenue Agency from December 5th 2013 which states that the Canada National Revenue Agency "did not capture the information by breach in the manner and time

period requested."
It is extremely disturbing that your ministerial response to NDP MP Murray Rankin's order paper question is telling Canadians who pay their taxes that the Agency entrusted with their sensitive personal information did not have a proper system of quality control or checks in place. It is concerning that the Canada Revenue Agency compels our senior citizens to go online and do their taxes and yet you cannot guarantee them they won't lose their often sensitive data. Your ministry's response has shaken Canadian's confidence in the Canada Revenue's ability to protect some of the most sensitive information of Canadian business and individuals. If the Canada Revenue Agency is incapable of saying the number of breaches of personal information from 2002-2012 then how could the organization have possibly taken steps to mitigate harm? This response is disturbing on its own. But, you will note that every single other department was capable of answering this question in Spring 2013, even those with significantly fewer resources and capabilities. Therefore we must ask why the CRA is the only agency of government that is incapable of providing this information- especially considering how sensitive the information is that passes through CRA.

As you may recall, on May 2nd 2013 the Federal government response in the House of Commons to a question posed by MP Charlie Angus outlined the number of data breaches from 2002 to 2012 across every department. It was extremely disturbing to find out that almost 3,000 and counting privacy breaches occurred since the Conservative government took power and that 89.57% of these breaches were not reported to your office. What was possibly even more disturbing was the fact that the Canadian Revenue Agency was the only department that was incapable of responding to this simple question. We found this particularly problematic as the Canada Revenue Agency is a governmental department that handles some of the most sensitive personal information that Canadians are compelled by force of law to provide to the government. One would hope therefore that it would be more advanced in data breach management - not entirely incapable of tracking and reporting. Unfortunately, the President ofthe Treasury Board nor any associated department including CRA has to come to the Standing Committee on Ethics, Access to Information and Privacy to discuss this issue in specific since the May 2nd 2013 response. We ask that given the recent response by the Canada Revenue Agency that your office conduct an investigation considering that 1) it is a department that works with highly sensitive personal financial and other information 2) that it is a department that has been in the news on these matters but given the department's inability to respond there is no public understanding of the scope and scale of breaches that may occur in the CRA and 3) that it is pivotal the public and private sector have complete trust in the ability of the CRAto protect its private information. We would like to point you to the section of your response "a manual search of records would

have to be undertaken to extract the data, which is not possible within the prescribed timeframe." Given these new revelations we would like to at minimum request your office to
now conduct the manual search described in your December 5
th

response.

Murray Rankin MP Victoria

Aes sawer-SU!WW!l dll\l snSu'v' a!pe4)

You might also like