HRPD Committee Meeting

STANDING COMMITTEE ON HUMAN RESOURCES DEVELOPMENT AND THE STATUS OF PERSONS WITH DISABILITIES

COMITÉ PERMANENT DU DÉVELOPPEMENT DES RESSOURCES HUMAINES ET DE LA CONDITION DES PERSONNES HANDICAPÉES

EVIDENCE

[Recorded by Electronic Apparatus]

Wednesday, November 4, 1998

• 1533

[Translation]

The Chair (Ms. Albina Guarnieri (Mississauga East, Lib.)): The meeting will come to order. I'd like to thank you for being here. I asked the Auditor General of Canada to come and meet the members of the committee this afternoon to discuss a most troubling matter concerning how far we can trust the social insurance number system. This most important problem has to do with false identities.

[English]

It affects the public both as taxpayers through the defrauding of social services, and as individuals through identity fraud that destroys credit ratings and so on. We are already aware of how SIN numbers have been used to allow people to work illegally in Canada, to obtain fraudulent health cards, EI benefits, welfare, old age security, as well as everything from cell phones to credit cards, and the list goes on. Clearly, we have an obligation to protect taxpayers and consumers from criminals who use SIN numbers to invade people's lives.

I would ask Mr. Desautels to offer his advice on how the current situation can be remedied. We look forward to your presentation.

Mr. L. Denis Desautels (Auditor General of Canada): Thank you very much, Madam Chair. My colleagues an I are pleased to have this opportunity to appear before your committee today to discuss chapter 16 of our September 1996 report on the management of the social insurance number. I am accompanied today by Mr. David Rattray, Assistant Auditor General; and Maurice Laplante, who participated very actively in the actual work that led to the writing of this chapter.

• 1535

In chapter 16, Madam Chair, we pointed out that the social insurance number has become the gateway to a multitude of federal and provincial programs. The SIN is used to identify and gather information on taxpayers and social program recipients, to verify entitlement to certain types of pensions and benefits, and to match and exchange data among programs. The SIN was originally intended for use as a file number for unemployment insurance, Canada Pension Plan and Quebec Pension Plan clients. Today over twenty federal statutes, regulations and programs authorize the use of the SIN. Its use has also expanded to provincial social programs and to the private sector.

Roles and responsibilities with regard to the SIN are shared among various federal departments and agencies. Human Resources Development Canada issues SINs, maintains the social insurance register, and investigates suspected abuses. The Treasury Board is responsible for the policy and guidelines that govern the collection and use of the SIN. The Office of the Privacy Commissioner investigates complaints about the SIN. Finally, the Department of Justice responds to general inquiries from the public on the private sector's use of the SIN.

The social insurance register is managed in Bathurst, New Brunswick, and about one million cards are issued from there each year. Annual operating costs are about $7 million, $2 million of which are collected from applications for replacement cards. The remaining $5 million in costs is divided among the main users of the SIN: Revenue Canada, the Canada Pension Plan, the Quebec Pension Plan, and the employment insurance account.

[Translation]

Madam Chair, the audit uncovered a number of weaknesses in the management of the social insurance number. Birth and death information on SIN holders is not always complete and accurate. For example, there are nearly 4 million more social insurance numbers than there are Canadians aged 20 or older. Moreover, 11.8 million numbers have not been certified; valid SIN cards are held by thousands of individuals with no legal status in Canada.

Since the mid-1990s, the branch responsible for the Social Insurance Register has been receiving information from Revenue Canada, Citizenship and Immigration Canada, the Canada Pension Plan and the Régie de l'assurance-maladie du Québec. However, these sources of information are not being fully exploited and more could be done to obtain information from vital statistics bureaus in the provinces.

The weaknesses found are detrimental to the proper management of social programs. They may lead to errors, abuse and fraud and, collectively, the impact could be sizeable. There is an urgent need for action in order to protect the public funds and taxpayers.

The Minister of Human Resources Development, the Honourable Pierre Pettigrew, accepted our recommendations. He has stated that his department has already begun improving the integrity of the information contained in the register, and that the department is working with provincial governments to improve the situation.

[English]

Another reason I am concerned about the widespread use of the social insurance number is that it undermines privacy protection. I believe it is time to review the current roles, objectives and uses of the social insurance number. The government should determine what it wants to do with the SIN, and should study other possible options at the same time.

I also believe it's essential that Parliament play a major role in debating these issues and in finding a satisfactory solution. The committee may wish to consider recommending that Parliament clarify, through the appropriate committees, the roles, objectives and uses of the social insurance number. Parliamentarians could then debate the other possible options and could clearly set out the appropriate levels of integrity of the social insurance register and of privacy protection.

Madam Chair, that concludes my opening remarks. My colleagues and I would be very pleased to answer the committee's questions.

[Translation]

The Chair: Thank you. We'll start the first round of questions.

Ms. Ablonczy.

[English]

Mrs. Diane Ablonczy (Calgary—Nose Hill, Ref.): Thank you, Madam Chair.

I'd like to thank you, Auditor General. This was a remark of stunning brevity. We can tell you're not a politician. I've never wrapped up a subject that quickly, and I doubt my colleagues have either.

• 1540

I think the crucial thing that you mention is in point 12. You suggest that the role of the committee may be in coming to some conclusions with respect to the roles, objectives and uses of the social insurance number. As a starting point, since you and your colleagues are expert witnesses, I wonder whether you might comment on the adequacy of the current role, objectives and uses of the number a little more fully. Perhaps you could tell us how you might make some limitations on those if you were making recommendations, or perhaps you could expand the current list that we're dealing with.

Mr. Denis Desautels: Well, Madam Chair, in a sense, that's a loaded question. I think our chapter tried to describe the multitude of roles that the SIN has now been used for, starting with the CPP and expanding to 24 different statutes—I think it's 24—at this point in time, and that's only talking about the federal government. The federal government, directly or indirectly, has also encouraged the use of the SIN in the private sector. For instance, a SIN number is required when people cash in Canada Savings Bonds. And that's just one example. Through that, the financial institutions have in fact expanded the use of the SIN. As you know, provinces and municipalities have also made wider and wider use of it.

The actual use of the SIN has grown over the years. It has become something a lot more than what government and Parliament initially intended. Why has this happened? Is there a problem of roles here? As I mentioned, there are a number of departments involved in the whole subject, but you cannot necessarily pin down responsibility on one department. There isn't really a lead player as such. HRDC has a very important role, but so does the Treasury Board Secretariat, and not only in terms of the uses of the SIN but in other data-matching activities around government.

I think this is a problem that will require a government-wide response. I really find it difficult to charge, let's say, one specific department with correcting the whole problem. But it's not unique to the SIN. There are many other government programs in which departments have to work together to find a government-wide solution, and I think this is one of those.

I don't think there is anything particularly wrong with the current sharing of responsibilities for the SIN. I think what is needed is some kind of clear direction to the main players that they have to get together and find solutions to the problems that we've raised and to other problems that you may wish to see corrected.

Mrs. Diane Ablonczy: To be maybe a little more specific, you talked about the use of social insurance numbers. You didn't get into this very much in your report, but you are obviously aware that everyone in the public service in this decade was given a thing called a PRI, or a public records identifier. Also, everyone in the armed forces was given a service number. Both of these programs were implemented at great cost, but there was clearly a feeling that there needed to be some kind of personal identifier and that the social insurance number was not the appropriate one. This other parallel scheme was therefore put into place.

• 1545

So I wonder if you could comment on whether it is appropriate to have more than one number, be they a SIN number and a personal records identifier, or something else. We're just struggling with what the appropriate use of a social insurance number would be, and where we might need to have other numbers to fill in other gaps.

Mr. Denis Desautels: Madam Chair, I think a good case can be made for having some kind of common identifier, and this surely helps the administration of certain government programs. Now, it has been difficult to develop full acceptance of that because of concerns particularly on privacy, so there has been a tendency to develop individual identifiers, as the honourable member just indicated. One also has to wonder whether or not that's the most efficient way to go.

There's a delicate balance between efficiency on the one hand and protection of privacy on the other hand. There are probably solutions, because there are other countries that are looking at exactly the same dilemma. At the present time, though, the current situation is really the worst of both worlds. We have a social insurance number over which we have very poor control, so it's not very effective in terms of the management of the various programs for which it's being used. At the same time, because it's being poorly managed while its use is growing and growing, it's really causing problems with those concerned with privacy issues.

[Translation]

The Chair: Mr. Crête, you have the floor.

Mr. Paul Crête (Kamouraska—Rivière-du-Loup—Témiscouata—Les Basques, BQ): Thank you for your document which is of high quality, just as all the work that the Auditor General's Office usually puts out.

I would simply like to remind you of what you stated in the main points because I think the crux of the problem is there.

From the outset, the SIN was the subject of intense parliamentary interest and debate. The controversy focussed largely on the implications of a potential extension of its use to become a universal identifier.

According to the wording of your recommendation, in paragraph 12, I come to the conclusion that the same debate is still ongoing and that experience confirms that this possible expansion of the use of the SIN did, in fact, happen. I'd like you to get back to that a little later.

You also say, and that's another thing I'd like to check with you, that those are not the two main elements. In this paragraph, there's the matter of debating other possible options. In point 9, you mention Mr. Pettigrew's department: "He has stated that his department had already begun improving the integrity of the information contained in the Register." I wonder about that "he stated". Does he mean that the employees of the department would have to explore whatever measures were taken concerning the present register? At that point, it's not the principle of the SIN that's being questioned in its entirety, but rather the way it is being managed at present. I'd like to have your opinion on that point but, before that, I'll conclude with an example.

I have a photocopy here—and I'm sorry for the poor quality of the definition—of a card put out by the Department of Human Resources Development. This is not a social insurance card; it's a card that is handed out when people turn 65. The social insurance number is on it and people are invited to use it to obtain all possible commercial advantages.

In other words, people who have reached 65 are being encouraged to use this card as proof of age, for discounts and so on. Now, each time you show it to a cashier or anyone else, you're letting them see the social insurance number that's written on it and anyone can just record. The fact that the Human Resources Development Department is itself guilty of such abuse shows very well that control has been lost.

My last question, related to the previous one, to do with that, has to do with the bill on electronic trade that Parliament now has before it. Isn't there a very direct link between the social insurance number, the use that is being made of it in management terms and the bill on electronic commerce?

• 1550

If this bill is implemented in the present context, it will allow very broad, not to say aberrant, use of that information. What you'll be able to learn on anyone, using that person's SIN, is rather impressive.

Mr. Denis Desautels: Madam Chair, the first point raised by Mr. Crête had to do with the broadening use of the SIN. We in fact agree, and I think that everyone agrees on that point. We're witnessing broader use of it, not only within the federal apparatus, but also at other levels of government and within other Canadian jurisdictions and even within the private sector.

In fact, it is tremendously useful in the private sector. As an example, I received a letter of complaint, last week, where someone said they were forced to divulge their social insurance number to rent an apartment. In other words, you couldn't even make an application to rent the apartment without divulging it. So people are being forced to use it more and more. In fact, the social insurance number has become a universal identification number, or just about.

Mr. Paul Crête: You recognize that the problem goes beyond the jurisdiction of the Human Resources Development Committee. What you're saying in paragraph 12 affects several departments.

Mr. Denis Desautels: In effect, in my statement, I recommended that the appropriate committees examine the problem. Without having totally examined all the terms of reference of each committee, I presume that the subject can go beyond the terms of reference of the Human Resources Development Committee. I think that, broadly speaking, everyone agrees on the general finding that has just been made.

Then, you mentioned paragraph 9 of my statement, where I mention what the Minister stated himself.

Mr. Paul Crête: And the management of the Registry.

Mr. Denis Desautels: Yes. In fact, in everything we're saying, you will find two levels of recommendations. At the first level, you have those things that can be improved immediately. No matter what is decided in the long term, I think some things should be tightened up immediately.

As for the second level, you'll find the broad policy questions concerning what should eventually be done with all this. If I've understood the Minister's statement correctly, he has made a commitment— In fact, he stated that he had already started correcting some of the first level problems that we noted.

However, as is the habit with us, we'll go back to the department to check up on how our recommendations were followed and how the department actually implemented things with a view to reporting to Parliament within two years on whatever progress was accomplished.

As for the last point raised by Mr. Crête, Madam Chair, that mainly had to do with the bill before Parliament at this time and on the whole matter of electronic commerce—

Mr. Paul Crête: In the context of the SIN.

Mr. Denis Desautels: —I would perhaps like to delay my answer on that. I will simply say that we are now completing an examination on electronic commerce that we will be reporting on in our report to Parliament that will be tabled on December 1.

So I will simply answer the committee by saying that we are working on the issue, if you will, Mr. Crête, and that we will give an account to Parliament in our next report.

Mr. Paul Crête: Does your study include a recommendation to gather information about everything Quebec has done to protect personal information in the private sector as compared to what is in the present bill, or is it of a more general nature?

Mr. Denis Desautels: Madam Chair, this is something rather general. As a matter of fact, our study was not specifically aimed at the present bill, but rather at security measures to be applied in electronic commerce.

• 1555

The Chair: Thank you, Mr. Dubé.

Mr. Jean Dubé (Madawaska—Restigouche, PC): Thank you very much, Madam Chair and thank you, Mr. Desautels, for your presentation and for being readily available to this committee.

What you said today raises many questions for me. It is very upsetting to see how our social insurance number is being abused.

I'll refer to paragraph 9, where you state:

The Minister of Human Resources Development, the Honourable Pierre S. Pettigrew, accepted our recommendations. He said that his department has already begun improving the integrity of the raw data contained in the Register.

In addition, I read in this morning's Globe and Mail an article in English:

[English]

Interviews with officials from Human Resources Development Canada, Justice Canada, Industry Canada and the Office of the Privacy Commissioner show that none of the departments have even come forward to take responsibility for SIN reform.

[Translation]

So there is an obvious contradiction, and I think this is deplorable.

Let us come back to the issue of the card. Would the solution be to hire more investigators and increase the fines for fraud?

Do you think, Mr. Desautels, that access to our social insurance numbers has become too easy?

We also had problems, as you know, with health insurance numbers; non-Canadians are using health insurance cards in Canada. It seems like there is a pattern of abuse developing with our cards.

However, do you really think that

[English]

we must overhaul the card system,

[Translation]

or should we hire more investigators?

Mr. Denis Desautels: Madam Chair, I'll answer Mr. Dubé's first question, and I will ask my colleague, Mr. Rattray, to complete my answer.

Several things can be corrected quite quickly if there is a will to do so, if it is considered important enough to be done. In our chapter, we wanted to point out problems and the importance of correcting some of them.

As you said, in a certain way, the social insurance number or social insurance card eases the access to many government programs and to certain private sector transactions. Thus it is important to correct these weaknesses as quickly as possible. It's costing money to both the public and the private sector. In a way, it also constitutes a kind of theft of personal data, as sometimes happens when a number is substituted for someone else's.

I think that the leaks in the system can be plugged, at least as far as we can see now. But it will not solve some more basic problems regarding the extent to which the social insurance number is used inside and outside of government.

However, I think the first level problems can be corrected. You can get birth and death information from provinces, for instance, and then remove the numbers that should be removed. I also think that it's possible to have better monitoring of temporary permits as they are issued, and to follow up on them. So, all this can be done, if there is a will.

I am hopeful that this will be corrected shortly.

[English]

David, do you want to answer that?

• 1600

Mr. David Rattray (Assistant Auditor General, Audit Operations Branch, Office of the Auditor General of Canada): Madam Chairman, I'll be brief and touch on three quick points.

The first one deals with follow-up in terms of where we feel the department has moved or not moved. Basically, the day of tabling, the minister stood in the House and said “I've already begun action on improving the integrity of the system”. That was only just a few weeks ago, so we have not gone back at this point, as Mr. Desautels mentioned. We will monitor this, but we have not done so in the last few days.

There was a point made to put more investigators into this. It's a concept that is being looked at again, particularly in terms of the social insurance number. Currently, the performance indicators put out by the department deal primarily with cost savings, so they deal a lot with the employment insurance account, CPP, and others, where there are quick dollar turnarounds for direct fraud for misuse, misstating, misrepresentation of earnings or employment periods, and so on.

In terms of the response, we were pleased to see that the department will re-examine its performance indicators and perhaps move away from just simply cost savings to deal more with the issues we report on—the misuse of the social insurance number.

The third point is they also responded to our report, and I trust they've begun action in terms of looking at how to tighten up the proof of identity for new applicants that go beyond simply a birth certificate.

The Chairman: Thank you.

Mr. Dubé, one quick question.

Mr. Jean Dubé: I have a short question. In this article as well it says, in the Auditor General's report:

Fraud artists are making millions of dollars with fake cards— and the data base is unreliable. It has active files for 311,000 Canadians aged 100 or over, even though almost all of them are dead.

You seem to have the information on this. It's here on paper. What can we do? I think the question is for Mr. Rattray. What has the department done on these 311,000 non-existent Canadians?

Mr. David Rattray: Madam Chair, it's difficult for me to speak to what the department has done within the last few weeks. I don't mean to duck the question, but it would probably be more appropriate if they answered directly on that.

The Chair: We will be hearing from the department at a later date.

Mr. David Rattray: I know they were concerned about the figures we generated. We took the 33 million database and ran a computer program of our own against this, compared the results with Statistics Canada data, and produced the differences or the gaps, which I know they've been taking very seriously and working on. Specifically, on the steps that today and last week they're working on, I would prefer if they tried to address that.

The Chair: Thank you.

Mr. Godfrey.

Mr. John Godfrey (Don Valley West, Lib.): Thank you, Madam Chair.

I want to make sure I've got the first principles in place. The first question is, in your estimate, the problem of efficiency, abuse, cost-effectiveness is so acute that you believe there is an urgency to do something about it now. Would that be a fair comment? This can't go on drifting.

Mr. Denis Desautels: I think immediate action has to be taken on a number of fronts.

Mr. John Godfrey: Secondly, in terms of who is to take the action, I understand from what the minister said in the House that I am to ignore the Globe and Mail article; that, as you say in your point 9, the minister has fully accepted responsibility for answering to your suggestions and has started to take action. So in order to move ahead, it would really very much be an HRD lead. It's not that it would exclude Treasury Board and Justice and all the others, but someone has to bell the cat, and it would be your estimate that it would be HRD to do that. Would that be a fair comment? Someone has to do it?

Mr. Denis Desautels: Madam Chair, HRDC runs the register. Basically, what we're talking about is the integrity of the register, and I think they're on the front line on that one and they can take action.

Mr. John Godfrey: They've accepted responsibility, so there's no impediment there.

• 1605

On the question Mr. Dubé raised, though, I have reread your chapter, and I'm not sure that at the end of it I come away with a clear conclusion from you whether, to achieve the efficiency results that you would have us achieve, your view is that apart from cleaning up the existing system, you could only go so far with that. Or is that enough, versus bringing in a new system? You don't seem to pronounce on that, or perhaps I have missed something. Which would your preference be, actually, given your understanding of how embedded we are with the current system?

Mr. Denis Desautels: In our chapter, this is really, at the end of the day, a question that we're putting to members of Parliament. What we're saying is you should clean up the system, and you can clean up the system to quite an extent. But even if you do that, you still have to recognize that the use of the SIN has grown quite a bit beyond what was intended initially, so you still have a problem to deal with.

Now, how do you solve that problem? Do you solve it by withdrawing back to the initial intent of what SIN was to be, or do you go in the other direction and create this universal identifier? That's a very fundamental policy question that I think members of Parliament have to agree on. The privacy commissioner would also have very strong views as to what the preferred option ought to be.

Again, I think you have a system in place that needs fixing.

Mr. John Godfrey: If you fixed it according to the suggestions you've made, would you handle most of the problems? Would you be a much happier Auditor General if that were in place and you wouldn't be feeling that this was such an urgent matter, or would there still be a number of residual problems that could not be resolved by fixing the existing system, of such urgency and heft that you would want us to—

Mr. Denis Desautels: If you cleaned up the system and ended up with a database that met, let's say, our tests of integrity, of accuracy, you would have cured a lot of our concerns. Most of the things we deal with in this chapter deal with the accuracy and the integrity of the database itself.

There are still some problems left, though, and those deal with the extended use or the extent of use that you want for this little piece of paper or this little card.

Mr. John Godfrey: Thank you.

The Chair: If I could quickly interject, further to the idea of the database and the clean-up of the database, have you done any cost-benefit analysis of what that would mean for taxpayers at the end of the day, such as a verification program with cost savings for taxpayers?

Mr. David Rattray: Madam Chair, we haven't done a direct cost analysis of cleaning up this database. I would say, however, if you look at the benefit side, we reported just case examples at the federal level in the chapter that add up to at least $33 million in one very narrow point in time. So I would say, without having tried to anticipate a cost study ourselves, that the benefits are enormous, and these are just examples. I think it was almost impossible to try to come up with a number that could clearly state that this is the outer bounds of the enormity of the losses to the federal government and provincial and municipal governments. So, no, we didn't do a cost study.

I think it all ties back to our original point that there is a need to see whether or not this is the database, this is the current SIN number that should be used, or as the interdepartmental and intergovernmental working group is suggesting, there may be other options to explore.

The Chair: Thank you.

Mr. Johnston.

Mr. Dale Johnston (Wetaskiwin, Ref.): Thank you, Madam Chair. I'd like to thank the Auditor General for his presentation here today.

• 1610

You said in your opening remarks that there are several departments involved with the social insurance number and that you didn't really see too much of a problem in that. But maybe you'd like to comment on the fact that because there are so many departments involved, there doesn't seem to be anywhere the buck really stops.

It's fine for the present minister to say he's willing to shoulder the load and look into it, but I don't think there's anything that obliges him to do so. Perhaps you'll say that's a loaded question as well, but I'd like to hear your comments on that.

Mr. David Rattray: Madam Chair, if I could start off on that one, what the minister stated in the House the day we tabled was that his department had already initiated action dealing with the integrity of the database of the registry, and as the Auditor General reported earlier, that clearly is within the parameters of the Minister of HRDC.

Where you get into a multiple set of roles, as we describe in our report, it deals with the roles and the objectives and fundamental concepts upon which an account is used either as a national identifier, or something replaces it.

I would simply say that the minister is dealing with the integrity of the database and all the work that is needed to get that into an acceptable range of tolerance of data. That is being currently worked on.

I think the bigger issue is to bring all the other players in, and there is no lead department or agency currently tasked with bringing those together and carrying it forward as a government position to be put before parliamentary committees such as this one to have a debate.

Mr. Dale Johnston: I certainly have a problem with the use of the social insurance number as a sort of universal identifier, and I have on many occasions refused store clerks who have asked me for the use of my social insurance card to cash a cheque, for instance, or something of that sort.

My understanding was that the original intent of it was to identify you for pension entitlements and Revenue Canada. A lot of people are asked for the thing, and they simply turn it over without asking any questions.

I wonder if you could tell us what is being used at present in the United Kingdom or the United States, rather than the SIN, to be a sort of universal identifier.

Mr. David Rattray: Madam Chairman, perhaps I can start off with that, and I'll ask my colleague Mr. Laplante to elaborate if needed.

In exhibit 16.10 on page 16-30 of our report, we indicated that there is an internal study, done on behalf of HRDC, that the federal-provincial-territorial working group has produced as recently as January of this year, which really looks at a number of countries that are listed in that table. They vary in terms of acceptance of use of a common client identifier. I would venture to say that probably the countries that are the most advanced, if memory serves me right, would be Belgium, with what is called the “Brussels model”, and second is probably France.

Other countries listed in that study have attempted to develop common client identifiers and have either scaled them back or discontinued those efforts, many of them on the argument of privacy concerns. I don't know if you want me to be more specific than that in terms of the United States and the current practice there.

Mr. Dale Johnston: Could you very briefly touch on what they use in the United States?

Mr. David Rattray: Perhaps I'll ask my colleague Mr. Laplante to answer that.

[Translation]

Mr. Maurice Laplante (Director, Audit Operations Branch, Office of the Auditor General of Canada): Madam Chair, various things have been tried in different countries. In different countries they have tried to have a common identifier. Some countries have done it quite broadly, and others have only applied that to certain types of programs.

• 1615

So, in Great Britain, they studied the possibility of setting up and implementing common identifiers, but they quickly realized that this option had to be rejected. In Great Britain, they chose to improve the integrity of the current system and to keep it.

In the United States, the same option was also studied. There they also tried different things. They tried to see if it was possible to extend its use to other sectors aside from social welfare. But, currently, they seem to want to keep to the latter.

[English]

The Chairman: Thank you.

One short, quick question, Mr. Johnston.

Mr. Dale Johnston: Thank you, Madam Chairman.

It would seem to me that with any system you use, any card that has a series of numbers on it, whether it's your credit card, whether it's your social insurance card, or whether it's a common identifier, there's going to be a huge potential for fraud. That's something the integrity of which you must guard very closely.

The Chairman: Thank you, Mr. Johnston.

Mr. Wilfert.

Mr. Bryon Wilfert (Oak Ridges, Lib.): Thank you, Madam Chair.

I thank the Auditor General for coming. Sorry I missed the beginning, but I did read your comments.

Clearly, Canadians want a system they have confidence in, a system in which they know there's integrity. From reading the report and reading your comments, there's clearly a lack of understanding by the public as to the purpose of the SIN card. That's clearly evident by people asking for the card at times when it's certainly not required. Clearly, we've identified that it's gone well beyond the original intentions.

There was a commercial a few years ago that said “pay me now or pay me later”. I guess my view is that we can either fix it or we can rebuild the system. I don't know whether it's fixable, personally.

I am always concerned about abuse. On the one hand, it's trying to strike a balance in this country between the amount of information we need for very legitimate purposes and the amount of information we give out. I personally think we give out far too much information about ourselves, and that's a concern.

On the other hand, I don't know—and obviously it's not your job to tell us—how to fix it. But clearly there are too many cooks here. Within the federal government we have so many players. We also have information, which may or may not be accurate, coming from the provinces. When people die, they don't turn in their SIN card before they die, so obviously there's a lapse there.

Mrs. Brenda Chamberlain (Guelph—Wellington, Lib.): We could start that: you can't die unless you hand in your card.

Mr. Bryon Wilfert: I don't want to put words in your mouth, but when I look at the agreement the provinces had, except for Quebec—on October 27 they signed a new framework for sharing social assistance information under the present system, under the present legislation—that's probably going to open up even more abuses, in my view.

In Quebec, when they issued new health cards, 75,000 people didn't reapply. Obviously we know why.

So I would favour that probably we need to rebuild the system. I don't know, it may be the only project we deal with, because this is a massive undertaking. But I don't think we can afford, quite frankly, to fix something that I think is broken.

I think you've outlined this very clearly, and the Minister of Human Resources clearly has accepted your recommendations, but he cannot, and he should not, in my view, do it alone. The question then comes down to political will: Do we have the will to start down that road and finish the journey? Because if we're going to start it, we had better make sure we finish it.

I think you've outlined some very important issues here. Given the current additional sharing of information under the existing privacy legislation, we're doing a lot of talking about this, and the provinces and the federal government are talking about it, and it's not, in my view, a political issue. It's an issue of making sure that at the end of the day Canadians feel they have a system they can trust, whether it's dealing with SIN cards or any other kind of information that governments handle.

You know, in the United States there are about 10 to 15 active files on every American. That bothers me. I don't know how many there are in Canada, but one is probably too many.

• 1620

I don't know whether I have a question or whether I'm just frustrated. We're not in the finger-pointing business. I think we're in the business of saying everybody is prepared to take some action. The question is we need to have a game plan and we need to get started very quickly.

I guess the question I could ask you is do you think—and maybe this is an unfair question—it is fixable, from what you have reviewed, or should we really be looking at a new model, not saying what the model is?

Mr. Denis Desautels: Madam Chair, I think quite a few of the issues we have raised are fixable if there's a will to do that and people realize the importance of doing that and restoring the integrity of the database itself. I assume that's where the minister is at. I think he is committed to fixing the register itself so it's a reliable database.

You're right, this does not deal with the broader question. I therefore think options have to be put to you and the rest of Parliament as to what the choices are and what the costs and the benefits of these choices are, and compare that to the status quo of fixing and leaving it almost as is. That's one of the messages we have in our chapter. There's a need to involve parliamentarians in this greater debate. I think if we do nothing we end up, as I said earlier, with the worst of both worlds: we have unreliable data, and privacy is not being protected either.

The Chairman: Further to your comments about repairing the system and further to Mr. Wilfert's comments about being frustrated about a poorly administered system, with respect to protecting consumers from identity fraud artists, do you think it would be prudent to attach let's say a PIN number to the use of SIN cards, perhaps allowing all citizens to come in and register themselves and get a PIN number so no one could use their card fraudulently? Has this ever been suggested?

Mr. David Rattray: Madam Chair, perhaps I could start off with this.

I think using a PIN or similar identification technique starts off with the premise that it's either the existing SIN number or a modernized or modified SIN number. A PIN number is simply one method.

In exhibit 16.6 we try to put before Parliament a scenario that would show technological innovations that currently exist today. I think people in the industry would probably say PIN cards are just one. You're getting into biotechnological identifiers, encryption, and others. So PIN is one example, but I think maybe by the time we have it introduced there will be something beyond that.

The Chairman: More sophisticated, yes.

Mr. David Rattray: So to answer your point specifically, putting a PIN with the existing SIN card system is probably not, in my personal view, an early quick fix to a bigger problem. The exhibit simply shows the members that if a SIN card or a number of some sort were to be an identifier, this is a wide range of what is available, which HRD and others I'm sure know well and could start off with as a base to work from once they receive direction in terms of what option, what they're clearly responsible for managing.

The Chairman: So that would be considered a very primitive mechanism. I see that you've got a more sophisticated wish list here.

Mr. David Rattray: Madam Chair, I currently use a PIN number with my bank card, and I hope it's still quite good, but I imagine next year I'll be using something different from that—voice recognition or a handprint or something.

The Chairman: Thank you.

[Translation]

Mr. Crête.

Mr. Paul Crête: I will put a brief question in two parts.

The first part concerns the card I just showed you, which is issued to people as they reach the age of 65. Do you think it is an abuse of the social insurance number to put it on such a card without at the same time giving a warning about its use? This is the first part of my question.

• 1625

Here is the second. In your report, on pages 16 to 23, you state:

As shown in exhibit 16.7, 2,730 SIN abuse investigations were carried out in 1997-98, which is 52% less than in 1993-94.

Could you explain to me how investigations could have gone down by 52% over the past five years? Would it be because they took away the SIN inspectors and redirected them toward unemployment insurance investigations? Is there any other explanation for this decrease? If we went back to the 1993-94 level, couldn't we solve many of the current problems and cases of fraud?

Mr. Denis Desautels: Madam Chair, I will try to answer the first of Mr. Crête's two questions, and I will ask my colleagues to answer the second.

I have not seen the cards mentioned by Mr. Crête. All I can say is that it perhaps shows what has happened to the social insurance number over the years. All kinds of good reasons were found to invent new ways of using it and, as time went on, it became, de facto, a universal identification number. If you ask the Privacy Commissioner about this, he will tell you that it is being used a bit too freely. So, obviously, this illustrates perfectly what happened to the social insurance number over the years.

Mr. Paul Crête: The department is in charge of managing the numbers.

Mr. Denis Desautels: Yes. However, if you study the list of 24 current uses of the social insurance number, in the federal context, we can see that it is not the only case like this.

David.

[English]

Mr. David Rattray: Perhaps I can ask Mr. Laplante to respond to the second point under paragraph 16.6(4).

[Translation]

Mr. Maurice Laplante: Madam Chair, as a matter of fact, we have seen the number of investigations go down considerably. The decrease could be attributed to various factors. Several things happened inside the department during that period. There was a great deal of change in the employment insurance workload, but, there was also an emphasis on performance indicators, on targets that had to be met by investigators. This in effect changed the orientation of investigative work. As was just mentioned, the work is being directed toward potential savings or fines that can be levied in cases of employment insurance fraud. Thus, the investigators' work is now focussed on employment insurance fraud and this is in some way at the expense of the work which could be done in specific social insurance number investigations.

The Chair: Mr. Crête, a very brief question.

Mr. Paul Crête: Mr. Rattray, you mentioned a reply to your recommendations that you received from the Department of Human Resources Development. Could you let us know what that answer was? I understood just now that the department had responded to your suggestions. Perhaps I did not understand correctly.

Mr. David Rattray: Madam Chair, the two answers I mentioned were included in our chapter. I can show you where they are to be found in the chapter, in which sections.

Mr. Paul Crête: The two answers that you got?

Mr. David Rattray: They are included in our chapter.

Mr. Paul Crête: You did not receive any other answers to the recommendations in the entire document?

Mr. David Rattray: No.

Mr. Paul Crête: I see.

The Chair: Mr. Vellacott.

[English]

Mr. Maurice Vellacott (Wanuskewin, Ref.): This is maybe directed to Maurice Laplante, on the matter of these countries, France and Belgium and I think you mentioned another one, that are quite advanced.

If we could choose one country in the world as the most advanced, the most thorough of all the security features on exhibit 16.6, sometimes to get a sense of where we might be heading as a country, it's nice to know what those that have already gone ahead on some of these things are using. What would be the most advanced security feature of all, in your view, the most secure, and what country would be using that right now? Would it be Belgium, France— Would that be a fair question to ask?

Mr. David Rattray: Perhaps I could try a response to that one.

We did two things. We looked at the countries we referred to earlier, which Mr. Laplante responded to. Those were countries that were just generally exploring or had moved down the road toward a common client identifier. We hadn't looked specifically into the amount of security and privacy points built into cards or databases, except referring to the study done for HRDC.

• 1630

I may be wrong, but the other point you're perhaps referring to is the exhibit I was talking to, which gives the wide range of possible controls if a card were to be used, say, here in Canada, and there is no attempt for us to link the one chart that has a wide range of controls to specific controls in countries where they were studying the roles and the possible implementation of a common client identifier.

Mr. Maurice Vellacott: You list in no particular order these security features, paragraph 16.6. In your view, would some of those be more advanced than others? We talked about PIN before and how that was maybe okay. You were still comfortable with that and confident about it. In your view, are some of these clearly better and more secure than others when it comes to priorizing?

Mr. David Rattray: Madam Chair, in putting this together we consulted with a number of people who deal with security features with regard to cards, credit cards and others, and this was the result of a collection of discussions with quite a number of people in terms of what exists today. We did not put them on a priority list, but I certainly know that PIN numbers are in use now and will very likely be replaced by biometric features. But I think it's a business case that has to be put forward, a cost-benefit analysis, before we move to the next stage.

So they're not in any particular order. But there is, I think, in the private sector an evolution that's occurring that's further advanced than in the public sector, and biometrics is certainly the next generation past simple PIN numbers today.

Mr. Maurice Vellacott: On a cost-benefit basis, do you have any speculations on what the business community or the private sector out there is leaning towards? Is it biometrics?

Dr. David Rattray: No, but I know banks and other financial institutions are in fact working and studying in these areas. In fact, we had advice from one of the large banks and from someone who was fairly senior in the Royal Canadian Mounted Police who was working with us in terms of what's available today. We also talked to one of the large accounting and consulting firms and sought their advice in terms of what is being used. So it's a collection of a range of what is possible. But we didn't go further because we were simply putting it forward as an exhibit, not as a cost-benefit study. I think that's left to the discussion and the business case put forward under different options.

The Chairman: Thank you, Mr. Rattray.

Mr. O'Reilly.

Mr. John O'Reilly (Haliburton—Victoria—Brock, Lib.): Thank you very much, Madam Chair.

Once again, Mr. Desautels, welcome, and thank you very much for bringing your expertise to this committee.

In my mind I think the problem goes a lot deeper than what we're dealing with in just SIN numbers, and I think the abuse is much deeper. For instance, I have constituents who have complained to me that with the new credit card companies coming into existence and all the solicitation going on by banks outside of Canada, in particular credit card organizations, people are selling lists to these people, and so we're ending up on mailing lists for applications for a new MasterCard with Bank One and some of these other things.

Some interesting things have come to light. For instance, the one that was sent to me was that they were trying to figure how their dog's name ended up on an application for a MasterCard with the owner's SIN number. In looking at it, we found that probably the only way that could happen is that the list from the dog grooming company was sold to some organization that collects lists of people. An application for a MasterCard was then sent to their dog, using the owner's SIN number. In order to take your dog to a clinic, you would have to give your SIN number to the vet or to whomever you are dealing with. Besides that is the fact that a number of dead people have surfaced. Dogs and dead people have SIN numbers.

I have these cases in my office that I'm working on, and when I saw the SIN number mentioned in chapter 16, I sent it out in response to constituent inquiries as to what to do with an application for a MasterCard for their dog. But they were more concerned about their SIN number being used and about an application that was sent to their father who had been dead for 12 years with his former SIN number on it. So I just wondered if your investigation covered anything along the line of what type of legislation is required to stop the abuse.

• 1635

You can find abuse of everything. As we move towards using more electronic gadgetry, I find such things as prisoners calling people on the telephone and telling them they're checking their equipment and that if they hit *90, they'll find out if their equipment works. What that actually does is allow the person calling to use their number for long distance calls. It transfers the billing to that number. So we have to kind of build all these things in.

I wanted to know if your investigation included the selling of lists that may have SIN numbers on them to private corporations.

I wanted to give you a good one. This isn't public accounts.

Mr. David Rattray: Madam Chair, I think they've all been good ones.

Some hon. members: Oh, oh!

Mr. David Rattray: I'll try to be brief. Certainly, we have a lot of background on this, and the hard part is to be brief.

First of all, with regard to fraud and abuse, we looked at investigations and so on that are going on in those ministries that are responsible for doing just that, HRDC being a prime example and the Employment Insurance Commission simply being one. We also quoted instances of investigations with Revenue Canada. So we didn't undertake directly to conduct fraud investigations. So what's there is simply a portrayal of what the levels of effort, and in some cases declining effort, are around the social insurance number to detect the extent of fraud with regard to the social insurance number.

We did not go into those programs and look at other areas of investigation for fraud, as you were mentioning. We were trying to give a picture of the level of effort—and I think in a couple of cases we were showing how it is declining against a problem that seems to be escalating—in order to report to departments that there needs to be a reshift in identifier indicators and perhaps for them to consider very seriously a shift in resources to put preventative controls for fraud and stronger penalties in place.

We mentioned specifically, though, the very low administrative penalties and very few, if any, charges in terms of the deterrent effect. We were concerned about that and reported it. None of those are really going to put a major dent into future fraud abuse and additional levels of control to prevent it.

So I think that's where I can respond on that side. It was not a direct fraud investigative type of work we did. We simply tried to put a picture before you of what others are doing who are tasked as part of their responsibilities for doing this and a concern we have about it.

Mr. John O'Reilly: If I may, I'm talking about one household that already has two cards that were fraudulently used, and it's so easy to do by simply buying a mailing list from an organization. When you're looking for all these cards, there are probably more than what you've found if I can find two in one household.

Mr. David Rattray: All we did, Madam Chair, is simply try to give a picture of the level of effort the departments themselves were devoting towards detecting the number of illegal cards or double counts on cards. As we mentioned earlier, there is a decline in effort, particularly going into the social insurance number area, because the measure or indicator that seems to get resources is direct cost savings. It is easier or more appropriate to deal with things such as GST abuse or employment insurance fraud where you have a direct payback in terms of real dollars, as opposed to seizing cards or claiming cards and putting them out of use.

I understand there's a greater issue, but when your indicators are to track cost savings, putting a lot of resources into simply finding illegal SIN cards doesn't give you the measure you're after. We made this point and the department is re-examining its performance indicators; and hopefully we'll re-examine the level of resources that's being put against this effort and find more cards in the future.

• 1640

Mr. John O'Reilly: Good, thank you very much.

The Chairman: Further to Mr. O'Reilly's point about how some companies have become gateways for identity fraud, I'm thinking specifically about cell phone companies. My own husband's SIN was misused and fraudulently used. Do you think it would be worth while for Parliament to mandate that all federally regulated corporations meet certain standards of fraud prevention in relation to the misuse of SIN numbers? Do you think that would be a step in the right direction?

Mr. David Rattray: Madam Chair, I think I would not be in a position to tell Parliament what it should do in terms of setting legislation.

The Chair: We're seeking advice. Nobody's ever shy about telling us what to do.

Mr. David Rattray: I think anything that moves in the direction of deterring fraud, of catching fraud and proper sanctions, from our point of view in terms of looking at how public moneys are properly expended, is certainly a step in the right direction. In terms of specifically dealing with cell phones and fraud, I defer that to a parliamentary discussion and the legislators who draft legislation to deal with. However, anything that would spend taxpayers' money more wisely I would certainly support.

The Chair: Mr. Desautels.

Mr. Denis Desautels: I agree with what my colleague has just said. I think it's probably possible for HRDC to actually impose some kind of penalty or sanction on companies that are, say, a party to this kind of abuse. Before we propose new legislation, I think we should explore whether or not we're using the current means at the government's disposal to their full extent. I believe that if there's really this kind of abuse going on, there must be a way of getting to it under current law.

In terms of legislation generally, you've just put your finger on one problem, but there is a multitude of problems like this that have been brought to our attention, and brought to your attention, across the country. There's really been a lot of pressure put on people to comply where there's a request for SINs. In fact, I don't think that was ever the intent of Parliament in the first place. So there are a number of other serious areas of abuse where people are really quite frustrated. We've received some complaints on that ourselves. People are blocked from doing simple civil transactions unless they put out their social insurance number. There are a number of areas you might consider eventually for further legislation or amendment to current legislation.

The Chair: Thank you. We welcome your input.

Mr. Dubé.

[Translation]

Mr. Jean Dubé: What struck me particularly about today's debate is the role of the social insurance card that helps to get credit cards and various other things. I think that access to the information linked to the card is still a problem.

I am mindful of what was just mentioned regarding what I said about the still-active files of Canadians who are no longer living, who have died but whose deaths were not recorded. You may or may not agree with what I'm about to say, but it seems to me that information should be centralized in one single department, under one hat, under the roof of one building. Then it might be a little easier to get information. This is a suggestion, a comment.

• 1645

As I can see, it is currently used by the departments of Human Resources Development, Justice and Industry. Also, all those who issue credit cards have the social insurance number. Employers have social insurance numbers. This is becoming a free market. So, I think that the role of the social insurance card should be redefined and also more closely coordinated.

Mr. Denis Desautels: Madam Chair, I'm not sure whether I really understood what Mr. Dubé meant about centralization. The Social Insurance Register is centralized and is under the responsibility of the Human Resources Development Department. It has a very clearly defined responsibility regarding the safekeeping and maintenance of the register.

Data is exchanged between the central register and some other users like Revenue Canada and the Employment Insurance Account, that currently use the social insurance number very widely. But the responsibility for maintaining the register is quite clearly defined. In my mind, only one department has it. So, there is already a certain kind of centralization.

Mr. Jean Dubé: Then, the problem is perhaps with information exchange. Where does the department receive its information from? I'm going back to the cases of deceased persons.

Mr. Denis Desautels: To keep the register up to date, by entering birth and death data, the federal government, or the department, needs information from the provinces. Therefore, there must be a working agreement with each province whereby deaths and births are reported. As a matter of fact, they are mainly concerned with deaths. Births are less important; sooner or later someone will apply for a social insurance number. Actually, there must be an exchange of information with the civil register of each province.

The Chair: Ms. Brown.

[English]

Ms. Bonnie Brown (Oakville, Lib.): Thank you Madam Chair.

I want to make sure that the conclusions we have drawn from the Auditor General's report are indeed accurate. I'm looking at the chart on page 12, which refers to the example the Auditor General used, that 311,000 people have SIN cards at 100 years or older but only 3,000 people are recorded in the census as being alive. Would it be logical in your view to conclude that therefore 308,000 are dead, or is there some other explanation for this number of cards?

Taking it a step further, it does seem fairly probable that at this age level the 308,000 are dead, but using that methodology, did you evaluate how many people might be dead in the other groupings? In other words, maybe using actuarial probabilities, how many people in the 80 to 89 category with extra cards might be dead, and how many people 70 to 79? In other words, if in fact we know that in the over-100 years a certain proportion of them are dead, this number at the bottom then becomes less valid, this 3,783,000 number. I'm just wondering if you've applied any kind of evaluative data around death to these other numbers.

Mr. Denis Desautels: Madam Chair, I'll start and I'll leave it Mr. Rattray to complete.

The point of the 3,783,000 is that there are numbers that are still in circulation, that can still be used by someone even though the original holder of that number is deceased or has moved out of the country or something else.

• 1650

Ms. Bonnie Brown: Are you sure they just did not register their death and their descendants threw it in the garbage a few weeks later?

Mr. Denis Desautels: That could very well be, but we don't know that. We know certain tricks are being perpetrated by people who have used cards belonging to people who are deceased. They even check the death columns and eventually find out the number of the person and use it.

Ms. Bonnie Brown: I understand it's possible, but it's just as possible that the thing is in the basket and no one has ever used it.

The way this has been talked about since the day you tabled your report has an implication to it, and you've just furthered that implication by suggesting that every card that has not been literally struck off the list is probably being used by some trickster. But my feeling is that the majority of them are probably in the basket, melted in an incinerator, in a garbage dump, or maybe even cut up by a descendant.

Mr. Denis Desautels: I don't want to exaggerate the point, but I think the fact that you've thrown the card of a deceased person in the basket doesn't prevent someone else from using that number again as long as it's alive in the registry.

We don't know for sure how much this happens. This happens only a fraction of the time, but with the number of cards in circulation that are not cancelled when they should be cancelled, it allows for more possibility. The frauds that have been picked up quite often are through the use of cards that should have been cancelled and have not been cancelled.

That's the only point of that number. The more of those there are in circulation, the more it facilitates some kinds of issues.

Ms. Bonnie Brown: The more it's possible but not necessarily true.

I want to go now to the page 9 chart, “Types of SIN Abuse”. There's something about the way this was presented, at least in the initial couple of days after you tabled it in the House, that people took the number 3.7 million, looked at this list and got the feeling that all those 3.7 million numbers—I prefer to say cards but you're saying numbers is just as good—are being used for these purposes.

Would you not say that using a number for any one of these purposes requires essentially criminal intent, and therefore it is not to be applied to the general Canadian population?

The conclusion I drew, and some other people drew, including the media, was that all these numbers are out there loose and everybody who has one of them at their disposal is doing these kinds of activities with it. Now, surely you did not mean to imply that.

Mr. Denis Desautels: I don't think our chapter says that.

Ms. Bonnie Brown: It doesn't, but the way it's laid out and some of the language has led people to conclude that.

Mr. Denis Desautels: I think the language in the chapter is pretty clear on that. We're being quite factual in describing the problems that are out there. I believe none of this is exaggerated, and in fact with a little research we were able to demonstrate that there are problems. But we never said everyone who has a card in their drawer is doing this. It doesn't say that at all in this chapter.

Ms. Bonnie Brown: I didn't say it says that, but in some people's minds that is the conclusion they drew from these two charts. There are these many numbers out there and these are all the potential activities, therefore there is this plethora of abuse going on. I just want you to say you certainly didn't mean to imply that.

The Chair: Would you like to make a comment?

Mr. Denis Desautels: We not only didn't imply that, we never said it. The report doesn't say that.

The Chair: Exactly.

Mr. Wilfert, very quickly. Then we'll go to Monsieur Crête, then Monsieur Clouthier.

Mr. Bryon Wilfert: Madam Chair, the Auditor General obviously knows there's no prohibition on the use of the SIN number. I know Mr. Johnston has indicated, and I've been in the same situation, where people have asked for it in cases where they shouldn't. Obviously we have a problem and it needs to be either fixed or rebuilt.

In the meantime, I don't know whether this is in your realm, but it seems to me we need some kind of legislation in the short term to deal with the fact that people have a lack of understanding as to what the SIN number is to be used for, and therefore it is being abused. We need to have penalties in place, certainly in the short term, to deal with the problem because the problem will go on until the system is either fixed or rebuilt. We need to have some very tough penalties where there is abuse.

• 1655

The very fact that there are thousands of people in this country with no legal status who have SIN numbers is enough to give me grey hair. I'm either going to get grey hair or go bald; I'm not sure which is going to happen.

A voice: You're hoping for grey hair.

Mr. Bryon Wilfert: I'm hoping for grey hair. I don't know about my friend here.

We need some kind of legislation that would come down hard on those people and also maybe a public awareness program on what the SIN number is for. Canadians, being the mainly nice bunch we are, tend to give away these things.

Mr. David Rattray: Madam Chair, perhaps I could try a response to that. As you well know, Bill C-54, which deals with personal information protection and electronic documents, has just been tabled. I believe yesterday there was a vote on it to refer it to committee for study. I'm not sure where it is, but I believe it occurred yesterday.

Bill C-54 deals with a concern we raise here in our report about the widespread use and possible abuse in the private sector of the SIN number and other forms of personal information. As one reviews that bill, it's an opportunity to deal immediately with what sanctions are in that draft bill. So there may be a very immediate issue there one can deal with.

Secondly, if one looks at the public sector, I think you would have to go back and look at the current legislation under which the ministry of HRDC operates, the EI in particular, which lays down the sanctions. We report in our chapter that the administrative penalty we saw for misuse of SIN was a maximum of $1,000. Of 325 cases we looked at, only one had a penalty of $200 imposed. So there's an opportunity to have dialogue around that piece of legislation on sanctions, and an opportunity around Bill C-54 to see whether there are some real teeth in it from a sanctions point of view.

The Chair: I can see that we have many questions, so the order is going to be Monsieur Crête, Mr. Cloutier, Mr. Johnston, and then Madame Chamberlain, you'll have the last word. Actually, our guests will have the last word.

Mr. Crête.

[Translation]

Mr. Paul Crête: Mr. Desautels, my question deals with two points. If nothing is done about the register, what do you think will happen in five years? Will things get even worse?

Moreover, without an extensive debate on this as you recommend in paragraph 12, and not only about the register, but on the entire philosophy and principles of social insurance number uses, what will be the consequences within five or ten years? You can choose the time line you prefer.

I'd like you to tell us clearly what could be the consequences of inaction in both cases.

Mr. Denis Desautels: Madam Chair, regarding the first point, if nothing is done to correct the register's integrity, the situation in a few years will be more or less what it is now. The current situation has already been developing on for quite a few years. It didn't begin yesterday or last year. Five years ago things were about the same as today. It's constantly deteriorating bit by bit, but there is no reason—

Mr. Paul Crête: We would have many more people who are 100 years old and have not yet died.

Mr. Denis Desautels: I can simply not accept that things will be the same in five years. I'm taking the assurances we have received at their face value, and hope that our recommendations will be followed up. We ourselves will be following up on the plan to ensure that in five years—

Mr. Paul Crête: I am not assuming that the department will fail to do its work. I simply want an accurate profile of the situation.

• 1700

Mr. Denis Desautels: There's a great deal of frustration when funds are abused. When I talk about abuse, I'm talking about abuse of privacy. People ask for your social insurance number much too often. Canadians are going to be increasingly frustrated. People talk to us about their frustrations, and share them with you as well. We are seeing that the use of social insurance numbers is on the increase. Every month, somebody finds a new use for it, both in the private sector and the public sector. So people who worry about privacy find themselves becoming increasingly frustrated.

[English]

Mr. Hec Clouthier (Renfrew—Nipissing—Pembroke, Lib.): Madam Chair, I guess most of my questions have already been asked. But since most politicians like to hear themselves talk—those on the other side of the table, especially—I'll give it a whirl.

Mr. Desautels, I notice you used the word “trick”. My colleague here to my immediate right, I'd like to get the trick that somehow I could get my dog the MasterCard instead of my three teenagers, because it would probably be a lot cheaper at the end of the day.

This leads me to something very important, Mr. Desautels. I believe the majority of Canadians are far more concerned about the information with credit cards and with PIN numbers than they are with the SIN number.

Before I got this job, I had businesses in the real world. I know that people were much more hesitant about the MasterCard or any other personal banking information than they were about the SIN. Where does it all end?

The conundrum we face is that even if we do, as some people recommend, basically scrap the system and start over with some new type of system, we're in the information age. So sooner or later, whatever the system we bring in, especially if it has to do with numbers, people are going to be apprised of that and there will be some abuse in the system.

So I guess my question is twofold. Do you believe the penalty should be increased for abuse of the SIN number? I know from checking around other countries in the world, there are people far smarter than I, especially on this side of the table, although on the other side I'm not so sure. I'm just wondering what has been done in other countries to face this problem of abuse of SIN numbers? Or has there been anything? David said earlier that some of the other countries had tried it and then they'd scrapped it because it just didn't seem to work. It just seems to be never-ending, and it seems we're going around in circles.

The Chairman: Mr. Desautels.

Mr. Denis Desautels: Madam Chair, I agree with Mr. Clouthier that the abuse of the SIN number and the use of the SIN to invade privacy is not really the only concern people have about privacy. Your privacy can be attacked on many other fronts and I totally agree with this.

Should the penalties for outright abuse now be increased? As Mr. Rattray said earlier, there are penalties on the books now for an outright abuse of the SIN, and those are not being used or applied to their full extent. So there's room to move further, if you want to be stricter on this front. There are possibilities, and there also has to be some kind of determination on the part of HRDC to enforce this a little more strongly.

As Mr. Rattray explained, right now the incentive system is encouraging people to focus in other areas and that's why the number of investigations on this part has gone down.

• 1705

As far as other countries are concerned, we have looked into, as we said earlier, their efforts in terms of improving the equivalent of the SIN. We described that here quite factually. But we haven't really looked into the enforcement side in those other countries. That would be another exercise. I really can't go further in terms of answering that part of your question.

The Chairman: Mr. Rattray, do you have a quick comment?

Mr. David Rattray: Madam Chair, I have some very quick points.

I think the difference between fraud with the SIN, credit cards, and other abuses is the privacy issue that comes into play with the SIN. That is just as much of a concern as the widespread use of it becomes more and more commonplace. So the privacy issue is of concern to Canadians as well as the fraudulent abuse.

Since tabling our report in Parliament, we have also put it on our web site. If I remember the statistics, more people access this site than those of other reports. I think part of that is from other national audit offices that have expressed interest in this report. It would not surprise me if other national audit offices soon launched a type of audit that's similar to the one we did.

The Chairman: Mr. Johnston.

Mr. Dale Johnston: Thank you, Madam Chair.

It's really quite surprising to me that there are so many people more than 100 years old who still have cards registered to them, because your executor would have to file a final income tax return on your death, which of course would carry your SIN number with it.

Along with that, there must be a lot of problems with interdepartmental communications. It seems to me that Revenue Canada must not be communicating with HRDC. You can't bury anybody in this country without a death certificate. As far as I know, the only people who don't go through a funeral home or embalmer would perhaps be the Hutterite people, who bury their own on their place.

So it would seem to me that the paper trail is there. I would like to get your opinion as to why it seems that the left hand doesn't seem to know what the right hand is doing.

Mr. David Rattray: I'll try a response to that sort of multiple question. First, with respect to Revenue Canada, there are 20 registered data matches with HRDC and other departments, agencies, or provinces. Of these matches, 13 are for the Treasury Board and the privacy commissioner to deal specifically with Revenue Canada. I don't have the list here with me, but the majority of the data exchange is with Revenue Canada.

Second, the records of deaths and births are kept by provincial vital statistics. So when deaths are registered, they are done primarily at that level.

There is a pilot project, which we refer to in our report, whereby HRDC is currently working with the Province of New Brunswick to exchange data when someone applies for a card. This is to be sure they aren't one of those who are still registered and not removed from the database of the registry.

The last point, to be brief, is that prior to 1976, with the need to get everyone registered for employment insurance, CPP, and the Quebec Pension Plan, there was no proof of identity required. So as we report in the chapter, there are several million registered numbers still in the system for which no proof of identity has been provided. So those people may have gone on, and they should have been removed for one reason or another.

The Chairman: Mrs. Chamberlain.

Mrs. Brenda Chamberlain: I just wanted to know something. I guess this is part of Bonnie's question a little bit. For instance, say my mother died, and I found her card. I would probably cut it up. I'll bet you nine out of ten people would do that.

What is it you want people to do with the cards then, if they find one, return it? Is that what you're asking?

• 1710

Mr. Denis Desautels: We're suggesting that someone, either another agency, government, or provincial authority, should communicate with the registrar to say that person is deceased and ask them to please take that number out of their system. Therefore, that number, each time somebody tries to use it, will just be a voided number.

Mrs. Brenda Chamberlain: Okay, how does that happen? Is that communicated to people in some way? I don't ever remember it being communicated to me, but that may not be true.

Mr. David Rattray: What we want to see—this is respecting privacy issues as well, because that predominates here—is more of an exchange with the vital statistics branch at the provincial level along the lines now of what New Brunswick is doing. This would catch the deaths registered in the province in the vital statistics branch. If privacy could be respected and data exchange was given technology needs to match and so on, then one would pick up the death that way and purge the social insurance number registry.

So you could keep your card. If someone looked in the obituaries and tried to misuse this by coming in with a death, then it would be caught when they applied because it would be showing as a card that had been voided as a result of a properly matched death from a provincial vital statistics record. I think this probably would answer that. So tear it up or burn it, but please destroy it. You couldn't get through the system now as easily by using that.

Mrs. Brenda Chamberlain: So this is what you want to do.

Mr. David Rattray: That's one step that the ministry is currently working toward. We gave the example of one province currently participating in that. But it's taken a lot of work to get that agreement in place with the federal, provincial, privacy, and technology sides, and so on. We'll see how well it's going to work. We'll be watching that and reporting back on it as well.

Mrs. Brenda Chamberlain: It would seem to me that as an individual person, if I weren't involved here in doing what I'm doing now, I would probably cut up the card. I would probably, as Hec said, not view it as important as something like a credit card. I would know instinctively that a credit card is very important. Somebody could take this and do something with it.

But I don't think the awareness of the average Canadian would be the same around the SIN. They think it has a purpose for work only. Obviously there are Canadians who probably already know that it has another use, but I'm just saying that the average person, who would be honest and not thinking about this, would not realize it probably. That would be my belief around this.

The Chairman: We'll conclude the—

Mrs. Brenda Chamberlain: Well, I just have one further thing if I could, Madam Chair. My question is really to you as much as to the witnesses.

What's the plan now? Where do we go from here? We heard the information. Will we be studying this further to make recommendations? Is that what the plan is?

The Chairman: We'll be having a steering committee within two weeks. Then, subject to approval by the steering committee and the full committee, it's our intent to hear the department officials. Hopefully, we can conclude this with a productive study and not delay too long.

Mrs. Brenda Chamberlain: Would we have recommendations? Is that our intent?

The Chairman: Could we deliberate this after? I don't think we should keep our witnesses here while we talk about our future plans for the committee.

Mrs. Brenda Chamberlain: All right.

The Chairman: I'd like to thank you all for coming and sensitizing us to a most serious problem. Certainly, I feel that it's incumbent on this committee to advance changes that would protect the public and also the integrity of Canada's social services. So thank you all for coming. It was very insightful.

The meeting is adjourned.