Accounting for Law

CRA doesn't know what it shared improperly with spy agency


OTTAWA – The federal revenue agency says it doesn't know what sort of taxpayer information a rogue employee improperly shared with the Canadian Security Intelligence Service because CSIS has wiped the files from its database.

The Canada Revenue Agency told The Canadian Press that the employee who handed over the sensitive data — doing so even though CSIS lacked a judicial warrant — is no longer with the department.

The agency refused to disclose whether the person was fired or left voluntarily, citing privacy reasons.

And it is not clear if the taxpayers whose information was compromised were ever notified of the improper sharing.

The Security Intelligence Review Committee, the watchdog that keeps an eye on CSIS, revealed last week in its annual report that the spy and revenue agencies repeatedly breached the rules.

Questions were first raised by the Federal Court, prompting CSIS to ask the review committee to look into the matter.

After concerns emerged, there were assurances the sensitive revenue agency information had been purged from a CSIS database when, in fact, it was still there, the review committee's report says.

CSIS spokeswoman Tahera Mufti says the information is now “deleted from CSIS databases.''

“It should be noted that none of the information received from the CRA was shared beyond CSIS,'' she added.

As a result, revenue agency spokesman Philippe Brideau said, it is unclear what was passed to the spy agency in the first place. “The CRA is unable to determine the details of the information that was shared with CSIS as it was removed permanently and in its entirety from CSIS systems.''

Brideau suggested the deletion also made it impossible to notify taxpayers.

Mufti declined to say whether CSIS had done so. She also would not reveal what sort of information the spy service got from the revenue agency.

Toronto tax litigation lawyer David J. Rotfleisch tells AdvocateDaily that the CRA is supposed to keep all data confidential, and taxpayers have the right to expect privacy as specifically provided for in the Taxpayer Bill of Rights.

Although the law allows co-operation with other authorities, Rotfleisch calls a release like this “completely unacceptable.”

“CRA does not seem to be taking any responsibility for its actions or even to be attempting to notify the taxpayers affected of the privacy breach. They have not stated that they have contacted the former employee to attempt to learn the identity of the taxpayers whose data was released,” says Rotfleisch, founding tax lawyer at Rotfleisch & Samulovitch Professional Corporation.

“While CSIS is quoted as saying they have reminded their employees of the need for warrants, no such action has been taken by CRA. Furthermore, CRA is not even advising if it has dismissed the employee or taken any disciplinary action, ironically citing privacy concerns,” he adds.

The review committee report said CSIS management issued a “stern reminder'' to employees of the need for a warrant to collect taxpayer data, but the committee concluded that may not be sufficient.

Mufti said while she could not confirm or deny any “internal disciplinary measures that might have been taken,'' CSIS maintains “robust policies and procedures, clearly defining our roles and responsibilities.''

“We continue to actively educate and train our staff on the latest updates on our policies.''

The federal privacy commissioner is looking into the improper sharing.

"What we can tell you at this time is that we were aware of this issue and we have been examining it,'' said spokeswoman Valerie Lawton, who was not in a position to provide more details.

- With files from

© 2016 The Canadian Press

To Read More David Rotfleisch Posts Click Here
Lawyer Directory
BridgePoint Financial Services (post to 5.31.19)Toronto Lawyers Association (post to 6.30.19)MKD International (post until Sept. 30/19)Feldstein Family Law (post until May 31/19)Legal Print & Copy Inc.Morrow Mediation Lawrence ForstnerAchkar Law