CRA workers fired for roles in privacy breaches
OTTAWA — The Canada Revenue Agency says eight of its employees were fired in the last fiscal year after violating taxpayers’ privacy.
Previously, the agency has not always confirmed if an employee was fired or shuffled out of the CRA for being part of a privacy breach, often citing the employee’s privacy.
A spokesperson for the agency says the employees in each case were found to have had unauthorized access to taxpayer information, including one incident that the CRA calls the largest such breach in the agency’s history.
In that case, one employee improperly accessed the accounts of 1,264 taxpayers.
All of the firings took place between April 2016 and March 2017, the federal government’s fiscal year.
All of the incidents were also reported to the federal privacy commissioner as required on federal government policy because they involve sensitive personal information that could be used to cause “serious injury or harm” to the individual, or involved a large number of affected individuals.
“The CRA takes the protection of Canadians’ tax information very seriously. The confidence and trust that individuals and businesses have in the CRA is a cornerstone of Canada’s tax system,” agency spokesperson Patrick Samson said.
The agency has looked to crack down on internal privacy breaches years after Canada’s privacy watchdog released a critical audit of how the CRA controlled access to personal information.
The privacy watchdog made 13 recommendations in 2013 in areas including monitoring of employee access rights, threat and risk assessments for IT systems and ensuring the privacy impacts of new programs are evaluated.