HRPD Committee Meeting

STANDING COMMITTEE ON HUMAN RESOURCES DEVELOPMENT AND THE STATUS OF PERSONS WITH DISABILITIES

COMITÉ PERMANENT DU DÉVELOPPEMENT DES RESSOURCES HUMAINES ET DE LA CONDITION DES PERSONNES HANDICAPÉES

EVIDENCE

[Recorded by Electronic Apparatus]

Wednesday, March 3, 1999

• 1539

[English]

The Chairman (Ms. Albina Guarnieri (Mississauga East, Lib.)): We will begin.

Today we have asked HRDC to reply to the many suggestions we've heard over the last several weeks in relation to the reform of the SIN.

We've heard concerns about privacy, identity fraud, about government programs being bilked by people using multiple or forged SIN cards, and generally about a system that is challenged in terms of public confidence and defined purpose.

I trust our guests today will provide their plans to repair certain elements of the current system and give us some guidance as to whether we should be recommending a completely new SIN system.

• 1540

So I would like to welcome our guests. Our guests are John Knubley, assistant deputy minister of insurance; Doug Matheson, director general, insurance service; Jacques Bourdages, associate director, national service; and Dennis Kealey, director general, national programs delivery services, income security programs.

[Translation]

Welcome everyone.

[English]

Without further ado, please begin.

Mr. John Knubley (Assistant Deputy Minister Insurance, Department of Human Resources Canada): Thank you, Madam Chair.

I'm going to give you an overview of HRDC's work in response to the AG's report. Dennis Kealey, who is from the income security programs, will also make a brief presentation on how SIN is working in relation to the income security programs.

Let me start by saying that it's a pleasure to be here, and we welcome this opportunity to participate further in the discussion about the social insurance number.

You'll recall that on November 26, Hy Braiter, our senior assistant deputy minister of service delivery, addressed this committee and indicated that there are essentially two main issues that we are focusing on as a result of the AG's report on the social insurance number.

[Translation]

First, there needs to be improvements to the administrative processes and data integrity of the SIN. In this matter, HRDC plays a key role. Second, there needs to be discussion and parliamentary consideration of a much broader policy issue, that being whether Canada needs a system that goes further than the current SIN, that is that goes from a file identifier to a national identifier.

[English]

So there are basically two issues at play that we're working on: the first is on administrative issues based on the social insurance number being a file identifier; and the second is in relation to the much broader policy issue as to the role of the social insurance number. Underlying that broad issue is the fundamental challenge of respecting privacy considerations of Canadians while at the same time responding to the need for increased efficiency, especially in an era of electronic commerce. This is a difficult challenge and requires careful balancing between the interests of privacy on the one hand and the interests of increased efficiency on the other.

On that broader policy question, the Standing Committee on Public Accounts has asked, in its report of February 4, that HRDC, together with Treasury Board, the Department of Justice, Revenue Canada, and the Office of the Privacy Commissioner, prepare a set of options to improve or replace the current social insurance number.

In regard to the administrative issues, the HRDC work plan is based on the notion that the SIN is a file identifier only, and Hy Braiter talked to you about that at length in November, the last time we appeared before you. From this perspective, HRDC established, in the fall, five working groups to respond to the Auditor General's report. Their focus is on such issues as data integrity, proof of identity, penalties, investigations, and the form of the card. I'm pleased to tell you today that this plan remains on track, and as requested at the November 26 presentation, our detailed work plan, with milestones, has been made available to you.

I don't propose to review in detail today the work of the five task forces. If members would like a further update on the work plan, my colleagues and I would be happy to do that for you.

What I did want to do today is talk about four issues that I think are important in your deliberations. The first two issues relate to questions you raised at the November session. You asked, for example, what more could be done now to improve the data. You also sought more information on the options for improving proof of identity and security of the SIN card.

Let me start with the issue of what could be done now to improve the data. Since our last meeting, we have moved forward on two fronts.

First, in regard to old age security mortality data, we are now adding to the social insurance registry, the SIR, in stages, starting in March, the mortality data that are associated with the old age security program. As a result of legislative changes last year, we are now permitted to make this link to mortality data in the old age security program. Based on our analysis, we anticipate that 672,000 new deceased records will be added to the social insurance registry. So we're making progress in that regard immediately.

• 1545

Second, we've moved to create a so-called dormant file, and Hy Braiter talked a bit about this in November 1998. This means we're identifying those SIN accounts that have been inactive for five years. We anticipate that all these accounts will be annotated and on the register by June 1999. We're not absolutely sure at this point how many accounts we're talking about, but we are confident this will go a long way toward improving the registry.

Turning now to the question about improving proof of identity and security of the card, I want to stress that we are taking concrete action to address these issues.

[Translation]

On proof of identity, we are convinced of the merits of increasing the rigour of the process. We are currently reviewing procedures in various federal and provincial departments. We are examining the risks associated with mailed-in applications, the ability of HRDC agents to recognize fraudulent documents and possible additional controls on replacement applications.

[English]

So for proof of identity we are looking at the risks of mailing, the risks of fraud, and various supplementary measures of control.

In terms of enhancing the card, we are examining a number of options as well, including biometrics. A challenge here, and I think Hy Braiter stressed this in November, is that these enhancements add significant costs that under the current use of the SIN card as a file identifier are difficult to justify. It's also important to recognize that the costs are not just in relation to the creation of the card, but also each time the card could be used and read by a user.

Let me turn now to two issues where we would hope your work can give further direction and impetus to the work we are doing. I want to talk to you about a possible public awareness campaign and the work we are doing with the provinces.

The idea of a public awareness campaign or a broad communication strategy on the social insurance number has come up in the context of talks with other federal departments on the broader policy issue. Interdepartmental discussions led to the conclusion that the federal government might consider a public awareness campaign on the appropriate and lawful use of the SIN. Such a campaign could be undertaken in partnership with the various departments, especially Industry Canada and its outreach with the private sector.

In particular, this could dovetail with a public awareness initiative that Industry Canada will likely undertake after the passage of Bill C-54. This is of course the bill regarding the protection of personal information in the private sector. In addition, this public awareness campaign would also be developed with the office of the privacy commissioner.

We are currently working with many federal departments to identify the nature and feasibility of such a campaign, and we would ask you to consider such an initiative in your deliberations. The challenge is to develop an effective communication strategy to ensure that Canadians are informed regularly of the appropriate uses of the SIN number and any new developments that may occur in relation to its role, for example.

In terms of work with the provinces, we continue to make progress. It's abundantly clear that we need to improve access to provincial birth, death, and name change data to improve this registry. However, there remain many issues to resolve. These include securing the cooperation of the provinces, addressing technological barriers, and respecting the provincial privacy regulations.

We're already on track. We're working closely with our social services and vital statistics colleagues in the provinces to this end. With the support of ministers of social services, we have established a federal-provincial-territorial working group devoted to improving the integrity of the SIN. In fact, this is building on earlier work done since 1996 on the broader issue of a common client identifier. A meeting is scheduled with provincial and territorial representatives from social services on March 26, and we're meeting with vital statistics people on March 29 and June 6.

I ask that this committee specifically support all of our work with the provinces and encourage them to work with us to help improve the administration of the SIN.

[Translation]

Madam Chair, in conclusion, I believe that we are on track with our work plan and that there are a number of short- and medium-term initiatives in place that will lead to concrete results.

• 1550

[English]

In sum, I think we're on track and we're responding to the AG's report. I look forward to responding to your questions, and I turn the mike over to Dennis Kealey.

Mr. Dennis Kealey (Director General, National Programs Delivery Services, Income Security Programs, Department of Human Resources Canada): Thank you, Madam Chair. Thank you for the opportunity to appear before this committee to outline the perspective of income security program administrators on the use and management of the SIN. Our branch is one of the largest social insurance number users in Canada, and we appreciate your recognizing the importance of this issue to us.

Indeed, the SIN program began with the Canada Pension Plan and was later transferred to employment insurance, but we do maintain good linkages and work closely with employment insurance through monthly data reconciliation and regular meetings to discuss issues of mutual concern.

For income security program purposes, the role of the SIN is simply that of a file account number. ISP does not use the SIN as a personal identifier, and benefits are not granted or denied on the basis of the SIN, or even on the basis of information held in the SIN register.

To process applications for benefits, ISP independently verifies whether or not a client meets the eligibility requirements, be they for the old age security pension, or for CPP retirement, survivors', disability, children's, or death benefits.

We do not use information in the social insurance register to validate a client's birthdate, date of death, name, residency status, income level, or any other eligibility requirement. We use the SIN simply as a numeric file identifier.

The scope of our programs shows why the use of a file identifier is essential. Currently, over 10 million working Canadians contribute to the Canada Pension Plan using the SIN as the key to maintaining records of their payroll deductions. Last year our employees issued benefits to 4.7 million recipients and responded to almost 5 million telephone inquiries on benefits. In all of these situations we use the SIN to quickly locate the files relating to our clients.

I should point out, however, that while the SIN is a requirement for the Canada Pension Plan, it has not been enforced as a requirement for old age security recipients. Up until 1998, 1% of old age security pensioners did not have a SIN and used assigned numbers instead. This is because the SIN program began years after the OAS program was well established. However, we have recently encouraged all OAS clients to request a SIN for the simple reason that it makes service delivery easier, both for us and for our clients, and streamlined service has cost-saving benefits for taxpayers as well.

The SIN assists with the coordination of client service by various government programs. As an example, this year close to one million guaranteed income supplement clients, GIS clients, will no longer have to make two yearly income declarations to the federal government, one for Revenue Canada and one to obtain the old age security income supplement.

For client convenience, ISP will jointly work with Revenue Canada to deliver the guaranteed income supplement, using less staff yet increasing the likelihood of payment accuracy. In allowing data systems to communicate with each other, the SIN helps to ensure that personal information held in large data banks is accurate. Often when government officials refer to data sharing, thoughts of fraud detection and surveillance immediately come to mind.

I do not mean to downplay legitimate privacy concerns, for which I have great respect, but more and more governments are asked to balance privacy concerns with the knowledge that data sharing can bring about streamlined service. I want to stress that our programs only share information within legislative parameters. From our perspective, a numeric file identifier not only improves client service, it also helps to reduce needless duplication of work, keeping the programs affordable in these times of growing caseloads and fewer resources.

For example, clients are now more aware that OAS, CPP, employment insurance, and the SIN register are managed by the same department. Consequently, fewer clients appreciate having to notify each program separately of an address change, a name change, or a relative's death.

• 1555

File identifiers facilitate proper record keeping across all of our programs. Consider that records could be mismatched because of an administrative error while entering the information in our computer. Numeric file identifiers for comparison purposes help us to quickly identify and rectify mistakes. This lowers the risk that clients will face overpayments or underpayments through no fault of their own.

For these reasons, our program is lending its assistance to improve the accuracy of the information held in the social insurance registry. We will gain efficiencies if the social insurance registry is more reliable and current. To assist with this objective, we have representatives sitting on four of the department's working groups my colleague mentioned. More specifically, we will help to increase the number of client deaths that are recorded on the register, we will certify millions of birthdates on the register, and we will investigate data discrepancies to detect “mispayments”, including those resulting from administrative error and fraud.

In his last report, the Auditor General registered his concern about an estimated 264,000 birthdate discrepancies between the social insurance registry and ISP programs. He recommended that these date discrepancies be investigated and corrected. I am pleased to inform you we have proceeded to deal with this issue.

A recent comparison, in which all CPP and OAS accounts were compared with the SIN register, show our birthdates match by close to 98%. We are encouraged by this high degree of consistency, knowing the SIN program did not have a proof of identity component until 1976, by which time most of our senior clients had already obtained their SINs.

We will review those accounts that do not match. All indicators show that payment errors by ISP represent an extremely small percentage in comparison to the annual expenditures of the CPP and OAS programs.

In conclusion, it is clear that the social insurance number has functioned well for our programs and helps to provide client service in its role as an account number. We agree with the Auditor General on the need to improve the integrity of the social insurance registry, and we are working closely with our colleagues in the employment insurance branch to accomplish this.

Thank you.

The Chairman: Thank you, Mr. Kealey.

We'll begin our 10-minute question period.

Mr. Johnston, you have the floor.

Mr. Dale Johnston (Wetaskiwin, Ref.): Thank you, Madam Chairman, and thank you for your presentation.

You say the Auditor General recommended that these date discrepancies be investigated and corrected, and you're working on them. Can you give us a timeframe as to when you'll have that task completed?

Mr. John Knubley: In relation to the OAS work I talked about in my opening remarks, we're moving to complete that by the end of June. We're creating the dormant file I talked about as well, and that will be completed by June. We have a working group in place looking at data integrity issues specifically. They will be reporting to us in June, and we're hoping to have some very specific milestones set out beyond that.

One of the big challenges in this area, of course, is working with the provinces and the vital statistics people in particular and matching the deaths data they have with our SIN registry.

There is one other area of good news in New Brunswick, where we have already piloted some work in relation to the data issue, and it's quite exciting. Maybe I'll just ask Jacques Bourdages to say a few words about how that's working.

Mr. Jacques Bourdages (Associate Director, National Service, Department of Human Resources Canada): I think it was highlighted at our last appearance...[Editor's Note: Inaudible]...New Brunswick applicants applying for social insurance numbers and cards.

• 1600

We've been able to secure linkages with the immigration database, as well as New Brunswick vital statistics, in terms of access to their birth, name change, and death registries. So as part of the registration process, we're able to validate the information provided to us by applicants with those agencies, which increases the accuracy and reliability of the information that ultimately ends up being created on the SIR.

Another interesting facet of this particular interface in being able to achieve these linkages is the ability to provide telephone-based services for those interested individuals. We've been able to improve the integrity of the register but also the quality of the services we're able to provide to New Brunswick clients.

Mr. Dale Johnston: One of the things we've heard over and over again is that Canadians are being asked for their SIN numbers even by people who they aren't mandated to give them to. We're talking about department stores and other things. Some people even said video stores wanted to use their SIN numbers for the sake of convenience as account numbers.

It has always been surprising to me that we've had this operating for 30-some years and there has never been an awareness program for either the people asking for the SIN numbers or the people who have them, as to whom they are mandated to give them to.

In one of your paragraphs you talk about the idea of a public awareness campaign or communications strategy. Do you have any idea what that would cost or how big a task that would be?

Mr. John Knubley: The short answer is this is exactly what we're trying to explore. What would an appropriate awareness campaign be, what would it focus on, who would it reach out to, and what would the cost be? So I can't tell you today what the cost would be.

I can say that the logic behind raising this with you earlier is exactly the logic you are identifying. It strikes us that one of the challenges is to make Canadians more aware of what the SIN is appropriately used for and to get that message out. Also in the context of Bill C-54, which Industry Canada has brought to Parliament, there is an opportunity for us to reach out, at least initially, to the federally regulated private sector and beyond that eventually to the private sector as a whole.

Mr. Dale Johnston: Have there been any studies done by the department on how widespread this use or abuse of the SIN number in the private sector is?

Mr. John Knubley: The answer is no. As Hy Braiter emphasized in November, our focus on the fraud side is typically in relation to and particular to the EI program. The challenge now—and I think this is one of the opportunities of the Auditor General's report—is to really take a look at how we examine fraud in relation to the SIN and see how it should be applied beyond the EI program itself.

The Chairman: Thank you.

Ms. Ablonczy.

Mrs. Diane Ablonczy (Calgary—Nose Hill, Ref.): Okay.

We've had some good input so far and we appreciate you being here. In looking at this, I think one of the things we're struggling with is this whole notion of a universal identifier. That's really at the heart of a lot of our discussion, particularly with the growing concerns about privacy and the fact that with the computer age, one identifier can give access to so much information about one person.

• 1605

I think a lot of us are inclined to say you have your name, you have your address, why do you have to be numbered and identified that way, with the kind of access it gives?

I'm wondering what information you can give us if we were to make a decision about the merits or demerits of this. What studies have you done? What are the pros? What are the cons? We need help with this and we look to you for that.

Mr. John Knubley: There has been one study done recently in HRDC and it was in the context of federal-provincial-territorial work in the area of social services. This is the federal-provincial-territorial working group on a common client identifier. I understand this report has not yet been shared with the committee, so I think that should be shared with you.

It's a relatively short report, but its bottom line is that it concludes that a common client identifier is not recommended for the reason you were talking about, which is respecting the privacy considerations of individual Canadians, and it doesn't see a clear need to go as far as a full-blown common client identifier.

One more comment is that I think you'll see in the report that there is reference to international experience in this regard, which is quite useful for your deliberations. In particular, they looked fairly extensively at the Belgian experience, where they apparently—I'm not an expert on this—moved toward a common client identifier approach.

The Chairman: Would you be good enough to table the report with this committee? Do you have a copy with you?

Mr. John Knubley: I can't do that today, but I will be happy to get it to you as soon as I can.

The Chairman: Thank you, and we'll distribute it to everyone.

Mrs. Ablonczy.

Mrs. Diane Ablonczy: Just to follow up on that, we've had the privacy commission here with us, and one of the things I'd like to know is whether you, as officials in the department, have made any determinations of whether greater legislative protection needs to be put into place in order to deal with these concerns about privacy and keeping information confidential.

What work have you done to identify what ought to take place there?

Mr. John Knubley: I think HRDC's traditional focus is as the administrator of the SIN and the registry, as defined in the Employment Insurance Act. So in that context, in terms of the privacy considerations broadly, I'm not sure we've looked at that issue from a broad context.

I'm sure in response now to the public accounts committee's request that we look at some of the broad options in terms of its role, we will start to look at that. What I will do is ask Doug Matheson to talk a bit about what the privacy elements of the EI Act are and how they apply to the SIN.

Mrs. Diane Ablonczy: Well, you guys are the ones who know this system backwards and forwards, you're the ones administering it, but if you don't bring out the concerns about it, the flaws or the need for improvement, sometimes it takes years before lawmakers find out. We have the Auditor General's report finally saying that there are some real problems here. Is there no avenue for people who work with this system day in and day out to make some assessment and evaluation and bring concerns forward, or does it just sit there not doing what it should be doing, or being abused, with nobody speaking up?

Mr. John Knubley: I think we do speak up. I have two points on that. One is that it is important to understand our role is primarily as administrators. There is also the role of the privacy commissioner. Treasury Board is in the lead in terms of policy and guidelines. So there's a wide range of partners we deal with. If that sounds like a bureaucratic answer, it's not meant to be.

The second answer I was going to give you is that we saw working with the Auditor General on the social insurance number as a real opportunity to get out some of the issues we deal with on a day-to-day basis. So we worked very closely with the Auditor General in terms of reviewing where we are, in terms of proof of identity, in terms of some of the fraud issues. Many of the things you see in the Auditor General's reports are exactly the kinds of things that we are concerned about on a day-to-day basis.

• 1610

Mrs. Diane Ablonczy: Well, as a member of Parliament, I'd certainly encourage you to be proactive in that regard. I think that would serve the public interest very well.

Mr. John Knubley: Thank you.

The Chairman: Thank you.

[Translation]

Mr. Crête.

Mr. Paul Crête (Kamouraska—Rivière-du-Loup—Témiscouata—Les Basques, BQ): Thank you, Madam Chair.

I'm very pleased to welcome you here today. I'd be interested in discussing the employment insurance system. I'm sure we could spend several interesting days on that subject.

An article appearing in this morning's edition of Le Journal de Montréal led off with the following:

Harshly criticized by the Auditor General for the series of problems associated with the management of the SIN, Human Resources Development Canada is taking broad steps to get this program back on track.

The article then goes on to address the issue of tracking down people who defraud the system.

When the Auditor General met with the committee last fall, specifically on November 4 of last year, he stated the following:

For example, there are nearly 4 million more social insurance numbers than there are Canadians aged 20 or older. Moreover, 11.8 million numbers have not been certified; valid SIN cards are held by thousands of individuals with no legal status in Canada.

Here is another excerpt from the newspaper article:

There are major variations in the employment insurance workload, but equally, the emphasis has been put on performance indicators and on targets that investigators are supposed to reach.

The minister should have read this.

Therefore, investigators seem to be focussing on cases of employment insurance fraud and this takes away from the work that should be done to investigate specific cases of SIN fraud.

Lastly, the AG's representative noted the following:

As for a reaction, we were pleased to hear that the department is planning to re-examine these performance indicators and, if necessary, to forget for a moment the savings that could be realized and to focus more on the concerns that we have raised, namely the improper use of SIN numbers.

Can you give us some assurances that the department has not decided to blame SIN abusers—who must be denounced—for the terrible mess the system is in? How much effort have you put into other areas with a view to helping the department regain some measure of control over the management of the SIN?

Mr. John Knubley: I will try to answer all of these questions.

Mr. Paul Crête: Actually, I only asked one question.

Mr. John Knubley: And that would be?

Mr. Paul Crête: I referred to the AG's comments to the effect that the department should stop focussing solely on fraud cases and concentrate on resolving the bigger problem. I asked you to give us some idea of what the department was doing to address other aspects of the problem and to give us a breakdown of sorts, percentage wise.

[English]

Mr. John Knubley: What I would like to do is just clarify specifically some of the issues that came up in the article you referred to. The fact of the matter is that the AG made recommendations in September—as you pointed out—asking HRDC to review its practices on SIN fraud, and that's what we're doing. In doing so, we're looking at EI fraud practices. Why are we doing that? There's a simple reason. In relation to the social insurance number, the current penalty is such that there's a punishment of up to $1,000, a one-year imprisonment, or both, which fundamentally means a court action, of course.

[Translation]

Mr. Paul Crête: The figures that you have just given me already appear in the article. What I wanted to know is how important it is to HRDC to address fraud problems in a system in total disarray and to describe the efforts you are making to resolve problems in other sectors, so that fraud isn't made out to be the sole culprit. How much effort is HRDC devoting to resolving the problem of fraud within this system in crisis?

[English]

Mr. John Knubley: I think the answer is in the Auditor General's report. There were 1,713 cases of fraud last year, while there were over 4,000 cases in 1992. Clearly, the number of cases of fraud has fallen in relation to the SIN. As I was saying, in terms of the broader activity, in terms of investigation and control in relation to employment insurance, this is therefore a very small proportion, because we're in fact talking about over one million cases in terms of EI right now. So the SIN is clearly a very small portion of what we're doing.

• 1615

I think the Auditor General rightly asked why we aren't doing more, so we're trying to respond to that. One of the problems is that we don't have an administrative penalty. So I think there is something we can learn from the Employment Insurance Act.

On the issue of performance indicators, however, because the social insurance number is touching on so many departments and programs, it's our feeling that it is unlike the employment insurance program and the investigation control in relation to it. We will therefore ask for a fixed set of resources to pursue SIN fraud.

[Translation]

Mr. Paul Crête: Let me repeat my question: what steps are you taking to deal with problems other than fraud, specifically the situation mentioned earlier where we have 11.8 million numbers that have not been certified and 4 million more SIN numbers than there are Canadians aged 20 or older? Which components of your action plan target problems other than fraud? I want to know if fraud is the biggest problem you have to contend with or if, as the Auditor General pointed out, things have gotten out of control because of the multiple uses made of the SIN. I'm not saying that you're personally responsible for this state of affairs, but I'd like to know what else the department is doing. Are you going to tell us once again that your primary focus is tracking down persons who defraud the system?

[English]

Mr. John Knubley: Let me try to answer that question, because I think I can. I apologize if I didn't understand it clearly earlier.

I believe the Auditor General's report identified something to the effect that for Canadians over the age of 20 in relation to Canada's population, there are four million more SIN cards. Clearly, there's a problem. How are we trying to address this? We are trying to focus on what we call the data integrity issue. We think that if we really link to vital statistics and identify all the people who have in fact found themselves on the desk register, we will clean up most of these four million. So it's not an issue of fraud per se. That's the first answer.

As a second answer on the broader issue of fraud and what needs to be done, we certainly do feel that our focus until now primarily has been on SIN fraud in relation to the employment insurance program. Given the obvious use of the SIN number in many other areas, though, it is appropriate for us to rethink how we pursue fraud in relation to that. I don't think we want to do this in any punitive or harsh way. What we really want to do is sort out those legitimate cases where people have intentionally undertaken a fraudulent activity with the use of the SIN card.

I hope that answers your question finally. I apologize if I didn't earlier.

[Translation]

Mr. Paul Crête: Thank you. In Parts I and II of the 1999-2000 Estimates, the following is noted:

The objective of the Human Resources Investment and Insurance Program is threefold:

One component aims

...to reduce the dependence of individuals on Employment Insurance Income Benefits and other government income support payments.

Since your department is responsible for this program, can you tell me what other government income support payments fall into this category? What about old age pensions, among other things, since this ties in with the SIN.

[English]

Mr. John Knubley: I don't think there's any linkage with the SIN. I'm not sure how this question relates to the SIN. Perhaps I could take your question on board and you could show me precisely what you're referring to. I can then address this issue at a later date.

• 1620

On the broad issue of dependence that you're raising, I think the intention is to indicate that there is a sense that we want individuals to undertake responsibility for themselves. There's a feeling that for those who are on EI, especially people who are repeat users, this creates a sense of dependency, and that this dependency is inappropriate. I presume that's what's being referred to here, but its clear linkage to the SIN isn't obvious to me.

[Translation]

The Chairman: Mr. Crête, you have one more minute.

Mr. Paul Crête: I'd like to know how long it's going to take HRDC to correct the problems with the SIN system. I'm not asking if other departments should be involved or not. I'm talking about making adjustments to the existing system. When will your department regain control of the system?

[English]

Mr. John Knubley: I think we have control over this system.

The Chairman: That's just a wee bit of a loaded question.

Mr. John Knubley: I don't think this is something that is appropriate for a bureaucrat to talk about. I think it's a question for the minister. But in terms of my activity in relation to them, and particularly part 1, I think the system works.

[Translation]

Mr. Paul Crête: I put the question to you as a government official. The AG has identified some serious deficiencies and if no corrective action is taken, the situation will get out of hand. I'm not talking about maintaining political control over the system, but rather about having some degree of administrative control, that is controlling the number of people who shouldn't be in the system any longer and getting a handle on the number of fraudulent cards in circulation and on cards issued to persons who died long ago. When will the department be able to tell us that the situation is once again under control?

[English]

The Chairman: Mr. Knubley, are you comfortable answering the question about whether or not the current system is still capable of being reformed to meet public policy, security, and privacy objectives, or do you feel that we really need to design a new program? I think that's the spirit of Mr. Crête's question.

Mr. John Knubley: So this is now turning back to the social insurance number specifically and is asking what direction you think the SIN should go?

[Translation]

Mr. Paul Crête: My question isn't about the new system.

Mr. John Knubley: I understand that.

Mr. Paul Crête: It's about the current system. How soon will HRDC be able to say that it has followed through on the AG's recommendations and that the situation is now under control?

[English]

Mr. John Knubley: I think our work plan sets out exactly what our plans are. We have five working groups in place, and we're aiming to complete that work by June. We're confident that we're on track and that this will result in a system that works and will improve the existing system.

The Chairman: Are you in a position to venture an opinion on my footnote to his question?

Mr. John Knubley: Yes, but in the sense that I think it's difficult for me as an official to talk about specific options.

As recently as February 4, we were asked by the public accounts committee to prepare a set of options for consideration by parliamentarians. We've started work in that regard, and I think it's important for me to tell you that. But it's more a matter of setting out options than choosing an option, because as the AG indicates, I think he's looking to parliamentarians to conduct a debate and to reach conclusions on this. As an official, it's our job to give you some of the options.

On this, let me just try to give you a little more to go on. As a point of departure, obviously the AG identified two basic options. One is to build on the status quo and the second is a new approach. I think what we're going to try to do is set out a range of options that move from the status quo somewhere to something as highfalutin as a common client identifier, and to see what kinds of opportunities there really are in that regard. As we said earlier, we're going to build on the federal-provincial-territorial working group report that had specifically looked at the common client identifier, and I think you'll find in there some useful material for your deliberations.

• 1625

Again, our thoughts on all that are preliminary, but clearly the issues at play—and I think you know them well—really relate to how you respect the privacy considerations of Canadians while at the same time recognizing all the efficiency gains that come from electronic commerce. It's a very difficult balance we're talking about here.

From our perspective as administrators, what we might want to caution you about is the costs in relation to any new system. We're talking about big costs here. Although we can't quantify them yet for you, we're really trying to do that as part of our work plan and looking at the options.

In terms of thinking about the options as well, you really want to think through purposes of the use of the SIN. Who are the various groups that are using it, and what are all the technical dimensions? This is the kind of thinking we will be applying to this problem as we move forward.

Finally, a last point is, whatever option you might favour, the public awareness campaign is an important element both in terms of communicating to Canadians what it is the SIN currently stands for but especially if you're recommending that it move towards some other use.

The Chairman: I must confess, your comments provoke a lot of questions, but I don't want to usurp Mr. Dubé's time because I see he's eager to get in here.

[Translation]

Mr. Jean Dubé (Madawaska—Restigouche, PC): Thank you, Madam Chair. I apologize for my late arrival today.

Initially, the SIN was introduced as part of government services. Today, we are hearing from people in various sectors that the SIN is used for a range of purposes, including video rentals and banking. I think we need to start by defining the role of the SIN.

You have raised some interesting points. I'd like to know when you completed your report on the SIN.

[English]

Mr. John Knubley: There was a report completed by a federal-provincial working group on a common client identifier, which, as part of its considerations, looked at the social insurance number. It reported, I believe, although I'm not absolutely clear on the timing, last June, and it concluded that pursuing a common client identifier was not recommended. It recommended that federal-provincial-territorial officials work very closely on the social insurance number and look at ways of improving the registry and improving the points of service related to it.

So, in a way, that report was consistent with the Auditor General's report.

Mr. Jean Dubé: That's fine. I just want to have the date of completion of the report. You believe it was June of last year.

Mr. John Knubley: Yes. I'll have to check that.

Mr. Jean Dubé: You don't have a copy of that report?

The Chairman: Could we obtain one?

Mr. Jean Dubé: Yes, but that's not my point. My point is that we have been working on this for quite some time. This is the human resources development committee, and certainly this report was not made available to us. Had it not been asked for today.... It's unfortunate, because we're trying to find solutions as well to this very important problem, and if all the tools and the studies that were put in place by your department are not made available to this committee, I find it very hard to find un juste milieu.

Mr. John Knubley: I understand your concerns. We apologize for not having provided it to you earlier. I do recall that Hy Braiter talked a bit about the report at his appearance, and we will get you the report as quickly as possible.

[Translation]

Mr. Jean Dubé: Madam Chair, I'd like a copy of the report to be sent to my office as soon as possible.

The Chairman: We'll do that as soon as we receive a copy.

Mr. Jean Dubé: I'd also like to know what action has been taken. Some members seated here at this table mentioned that there were more social insurance numbers in circulation than Canadians. We have even heard that the SIN numbers of deceased persons were still being used. I'm sure you're well aware of this. What efforts have the federal and provincial governments made to identify deceased persons?

• 1630

According to what some people have said, we should be able to communicate more rapidly with the provincial government to obtain copies of death certificates. What is HRDC doing to get these records faster?

[English]

Mr. John Knubley: I'm going to have to work from memory here, and I'm relatively new to this file.

My understanding is that in the 1980s there was a particular effort to link with provinces, and there was a lot of work done with vital statistics. One of the problems at the time was just technology, and as I understand it, the actual result was not as good as expected—namely, that the matching of the data resulted in only a small number of deaths being identified. This occurred around December 1983.

Apparently, all provinces except Quebec provided HRDC with a total of over two million deceased records. A computerized exact match resulted in 21%, or 589,560 records, being flagged, which was very disappointing from our perspective.

But just to be clear, I think we're much more confident today that we will be able to have the technology to match these. We're building on the experience in New Brunswick, which Jacques Bourdages was talking about, where we have successfully matched some of these data. We're quite confident that with the combination of using the OAS data, which I talked about earlier, as well as creating this dormant file, we are really going to address the problems raised by the Auditor General in this regard.

Mr. Jean Dubé: You mentioned the collection of death certificates with the provinces, and you said you were having a hard time with the Province of Quebec in collecting these certificates.

Mr. John Knubley: No, I didn't say that. I said it so happened in 1984 that they didn't participate in that process.

In relation to Quebec, Jacques, did you want to talk about that?

Mr. Jacques Bourdages: I could speak to that a bit.

[Translation]

I could talk about this briefly.

[English]

Mr. Jean Dubé: I want to know the percentage of the data you've collected on death certificates coming out of Quebec and other provinces. Are you getting some out of Quebec?

[Translation]

Mr. Jacques Bourdages: Our primary source of information in Quebec is the Régie de l'assurance-maladie du Québec, the province's health insurance board. Our registers contain approximately 750,000 entries annotated to show that the holder of the SIN number has died, this information having been forwarded to us by the Régie. Unfortunately, I don't have the figures handy, but I do know that every month the Régie notifies us of the death of Quebec residents. It supplies provincial data to us on a regular basis.

The Social Insurance Register currently contains some 3.8 million annotated entries and is likely the most comprehensive record of deceased accounts in the country. With the information supplied by our sources, an additional 150,000 accounts are flagged every year. Information is supplied to us on a regular basis by the CPP, Revenue Canada and the OAS.

Now we need to get in touch with all of the territories and provinces in Canada to collect all of the information that have obtained via their networks concerning deceased accounts and subsequently make the appropriate notations in our registers. If the provinces and territories cooperate, we are very hopeful that we will be able to complete this update over the course of the next year.

The Chairman: You have four minutes left, Mr. Dubé.

Mr. Jean Dubé: How kind of you to point that out. You're not like the Speaker of the House.

At last week's meeting of the committee, I put a question to representatives of Canada's banks. I asked them if they knew what purpose the SIN was supposed to have. Initially, banks were supposed to use the SIN for tax purposes only, although we know that today, they use it to obtain information from credit bureaus. It's not used for tax purposes, but more for gathering information.

• 1635

[English]

The social insurance number was put in place for government services at the very beginning. You're telling me today you are sharing the social insurance number with the credit bureau. What you're doing is opening the window of opportunity for fraud, right? The answer by the banking community was very clear—there is nothing in the law that says that number cannot be used for that.

So I think what we have to do as a government is put the rules in place for the social insurance number. It's a free-for-all for everybody. But has your department recommended any such regulations?

Mr. John Knubley: Our department is the administrator of the SIN, particularly in relation to the social insurance number. The rule we use as administrators is that we work specifically within a legislative framework that is defined by the Employment Insurance Act. There are, I think, over 20 departments that legislatively have the authority to use the social insurance number as a file identifier. I know that sounds like a technical answer—

Mr. Jean Dubé: That doesn't answer my question. This has been going on for many, many years.

Mr. John Knubley: Yes, it has.

Mr. Jean Dubé: What has been put in place? What recommendations by HRDC, which is administering this social insurance number...? What regulations have been put in place?

Mr. John Knubley: In terms of regulations that HRDC has put in place, maybe I'll ask Doug Matheson to talk a little bit about the EI Act and how it relates specifically to the social insurance number.

Mr. Doug Matheson (Director General, Insurance Services, Department of Human Resources Canada): The particular section of the act is 139(5), and under that section of the act, the EI commission has the authority, subject to regulation of the governor in council, to grant access to the registry—in other words, to validate the identity of individuals and the use of their social insurance numbers.

That section of the act has never had, or at least at the moment does not have, any regulations pursuant to it, and the commissioners carry out this role in accordance with government policy. The policy that's in existence today is exactly the same policy that was in existence in the Pearson-Diefenbaker debates in 1964. That is to say, this is not a personal identifier, and that was the very thing that was said by the government in 1964. It is still the government policy today, officially stated, and it is the rule that guides the commissioners in their carrying out of this piece of the legislation.

In that regard, the current social insurance number served us well and we carry on carrying out that role, and I think the Auditor General did say that in his report. So in terms of your question, what recommendations have we brought forward with regard to the use of this number by organizations who aren't mandated by law to use it, the answer is none, zero.

Mr. Jean Dubé: That's the answer I wanted.

Mr. John Knubley: I would just, though, point to Bill C-54, and I did that in my opening remarks.

Mr. Jean Dubé: I missed your opening remarks.

Mr. John Knubley: I'm sorry you missed them; they were really good.

Mr. Jean Dubé: I'll read them.

Mr. John Knubley: Well, maybe since you missed my opening remarks, Bill C-54 is being used—

Mr. Jean Dubé: I'm trying to give a chance to my colleagues across the way here.

The Chairman: Mr. Clouthier.

Mr. Hec Clouthier (Renfrew—Nipissing—Pembroke, Lib.): I guess the matrix of the whole thing is where do we go from here with regard to the SIN, and I think you've answered one of my questions about whether we are going to go to a common identifier. It seems to be the general consensus of opinion through HRDC that we not go to it. But I'm kind of interested, John, in the results of this report that indicate that we do not go to a common identifier. I know you said the provincial jurisdictions were involved with the HRDC people. How would they collect this information? How would they go about it? What are the semantics of it? Do you know? Or, do you know how that was collected?

• 1640

Mr. John Knubley: I'm going to let Doug Matheson answer that specific question. Just to clarify, as an official I think what I'm saying to you is there is this report and it does recommend that a common client identifier not be pursued. I don't think I'm indicating to you as an official what the position of HRDC is with respect to this matter. That would be the responsibility of our minister.

Doug, do you want to answer the specific question?

Mr. Doug Matheson: The particularly working group that was in place is a working group of some long standing. It's essentially a working group that involves informatics professionals, both at the federal level and at the provincial levels, particularly with regard to social services. Of course this group has an interest in exchanging information, and we do exchange information with most provinces and have official agreements to permit that exchange of information.

The informatics professionals who gathered, and who continue to meet relatively frequently to talk about technical matters, considered the subject of whether it wouldn't be more efficient to have a common client identifier that could be used across all jurisdictions. Their conclusion, the data they gathered, was of course from the point of view of informatics and the computer industry, not necessarily from the point of view of whether or not a particular program would be better administered or whether or not privacy considerations would be fully respected, and so on.

I wasn't part of the working group, although I was fairly close to the report and I did see the report at various stages. I think their conclusion was reached based on the fact that there were a number of extraneous restraints and constraints, such as privacy acts in various provinces and in the federal realm, and also the fact that it was possible to obtain essentially the same benefits in matching data and exchanging information simply by using the name and the address of the individuals, so there wasn't a need to actually invoke the common client identifier. In order words, the savings that could be gained from having it in just this particular realm didn't necessarily outweigh, in their minds, the cost of putting such a scheme in place. It rested at that point from their perspective in that narrow domain.

I think that would echo John's concern here that the report not necessarily be taken as the view of our minister or the view of all bureaucrats, that this would be the best solution to the problem. We continue to study the problem in response to the Standing Committee on Public Accounts.

Mr. Hec Clouthier: John, I think you said the number of fraud-related incidents had gone down?

Mr. John Knubley: I believe the numbers last year were 1,713.

Mr. Hec Clouthier: That's as opposed to 4,000?

Mr. John Knubley: Yes, there were 4,000 in 1992, and even that is a very small amount relative to the total amount of—

Mr. Hec Clouthier: So they have gone down substantially from 1992 until 1998 or 1999.

Mr. John Knubley: Yes, I think the reason for that—

Mr. Hec Clouthier: It's probably because of the Liberal government, but that's beside the point. Go ahead.

Mr. John Knubley: I wouldn't personally want to make that link, but I think the point here, in fact in relation to the social insurance number, is that often creating 30 SIN numbers in itself isn't the problem. It's actually when someone takes the SIN numbers and uses them to get EI or the Canada Pension Plan or whatever. From our perspective, the real issue is when the fraud occurs in relation to these particular programs, as opposed to the social insurance numbers.

Mr. Hec Clouthier: Were there checks and balances put in place to detect this so there wouldn't be as much fraud?

Mr. John Knubley: Yes.

Mr. Hec Clouthier: Okay.

The Chairman: Mr. Wilfert, you have the floor.

Mr. Bryon Wilfert (Oak Ridges, Lib.): Madam Chairman, pursuing this, which we have for many weeks, many months now, I'm just curious before I ask a couple of specific questions, who did the report that's recommending there be no common client identifier?

Mr. Doug Matheson: Essentially the working group is composed of the heads of informatics of social services in the provinces and the head of informatics of HRDC.

Mr. Bryon Wilfert: And when was the report completed?

• 1645

Mr. Doug Matheson: It was first completed in the fall of 1997, but I don't believe it was formally published until the spring—June 1998, I believe. There was a leaked copy of the report during your debates in the House, and I believe the minister was called on to answer questions regarding the report back in the fall of 1997.

Mr. Bryon Wilfert: We have spent some time on this issue, and one of the roads we've been on has been the issue of whether or not we should be moving toward a common client identifier. One report isn't going to persuade me one way or the other. However, it would have been nice if this committee had had the report. At least it would have helped to shorten the discussion we had, or provided more information.

I know there are many cooks involved in the SIN, because there are about seven departments. This is enough to get you a little on the steamed side. After all, if there's that kind of information out there, particularly because of who is involved, I think it would have been constructive to the discussion and the debate. So if these things are floating around.... I must say I don't always listen to the opposition, but obviously if there were some leaks, of course I would have liked to know so we could have had this information in the committee. So I hope we could get that as quickly as possible.

Having said all that, we're engaged in development of public policy. Clearly, if we go back to what the purpose of the SIN was and why we need it, and if we assume we still need it today, we still think there's a purpose, and given the fact that we can say with some assurance, regardless of the number of frauds that are going down or not.... There are certainly more numbers out there than there are individuals. This is including my colleague, Mr. O'Reilly, whose dog got a SIN number.

Mr. John O'Reilly: He's got a better credit rating than me. I hope he never runs into a pet store.

Voices: Oh, oh!

Mr. Bryon Wilfert: So we know that fundamentally there's a problem. We know the design of the card is pretty outdated in comparison to what is on the market today in other fields. It's very outdated. We also know there is a phenomenal misunderstanding generally, both by the user and by people in industry, business, and other areas about its use. In other words, it's been so badly misused I don't think anybody understands what the purpose is. So we know all that.

It would seem to me what I've been trying to get at for the last few months is that we talk about whether we should develop a new card for the same purpose it was originally designed for, or for something else. And yes, we talk about costs. But I question all these band-aids we seem to be putting on what could be described as open wounds. It isn't very effective.

Are we going to spend more money in the long term trying to fix a problem that isn't fixable? If that's the case, I would also like some detailed information about what other states have been doing. There are other jurisdictions. What have they been doing? What were the pros and cons? I think that would probably simplify some of the discussion about why they've gone in one direction or another.

But if in fact we come down to the view that there's a purpose for the SIN, that we need it, and that in fact the SIN is going to be used for very, very specific reasons, and if it's out of control and people have no confidence in it, then I would suggest we really should be getting some material and some answers on the cost. Give us some real numbers.

In the context of all the other things we've talked about, if we're not going to go down one road, then what are we going to do? What are the cumulative costs in terms of all these patches that have been trying to mend a system that fundamentally...? I mean, you can only mend a busted car for so long. If the car doesn't really work, you can't keep it on the road too long. This car's been on the road for over 30 years, and I would suggest maybe it's time, if we're really serious.... Or maybe we don't need a SIN number at all. There would be a lot of people who would be quite happy not to have any number. But I think the fact is that if we're going to use it, let's look at that issue.

• 1650

So I would ask you gentlemen if you have any comments. I'd rather deal with the tools as quickly as possible, so that maybe we could get on with something else, some other issue.

Mr. John Knubley: Regarding the development of a new card, I think we are looking at the options there.

We have started from the perspective of a file identifier and a card in that context, and there is a big question as to whether it's the card itself that's the problem or whether it's really the issue of being able to authenticate and undertake proof of identity when we're issuing the card. I think what we're saying is that our focus now is to really ensure that proof of identity and integrity of the data are there, because what we want to be able to do under the current system is be able to authenticate these people when they're asking for the cards. That's what all this talk is about in terms of matching data with the provinces and all that.

So I think from our perspective.... I mean, we have a working group on the card itself, but a main focus for us really is the integrity of the data and proof of identity, and making sure that when people come into the office we can authenticate it. And that's as much of a challenge as changing the card itself.

Maybe I'll just stop there.

Mr. Bryon Wilfert: May I just ask one quick question then, Madam Chairman?

Regarding the issue of the cost, you said you've been looking at it. How long are we going to look at it, and at what point are we at least going to have some preliminary figures?

Mr. John Knubley: I think the answers are twofold.

One is to really identify how the card should be changed, to what extent you should go to biometrics. There needs to be a common understanding among parliamentarians as to whether the SIN is a file identifier or something else.

Mr. Bryon Wilfert: So we have three or four scenarios. We can say, well, if you do it for this, it will be da-da-da; if it's this—

Mr. John Knubley: Correct, and we would cost out those scenarios.

Mr. Bryon Wilfert: And what about a timeframe?

Mr. John Knubley: We have a working group that's looking to report on these issues in June.

Mr. Bryon Wilfert: That is a hard-and-fast date?

Mr. John Knubley: Of course not.

Mr. Bryon Wilfert: Of course not. That's what I'm afraid of.

Mr. John Knubley: Sorry, that was a flippant answer on my part.

The Chairman: You're inspiring fear here.

Mr. John Knubley: The answer is that we are.... Again, with respect to the card itself, until we are certain what option parliamentarians are supporting in relation to the use of the SIN, namely whether it is something more than a file identifier, it will be hard to know why we would go beyond the existing card, because the issue from our perspective is really proof of identity and integrity of the data. I think we believe the current system can work, if we can match data with provinces, as we would hope, and make that work.

Mr. Bryon Wilfert: I could argue that, but I guess my question is.... Unless we have the proper tools in front of us to be able to decide which route we are to go...we need that, but we need it quickly. This has been hanging around for eons, but I guess.... You always say June. I always hear members of various departments come and say June. Is that because we recess for July and August?

An hon. member: Yes, get rid of us rats.

Mr. Bryon Wilfert: That's another two months. In other words, date-wise—

The Chairman: We can always meet. We could ask for a special licence.

Mr. Bryon Wilfert: Of course, at the call of the chair.

I would suggest, though, that we need to get that material. That needs to be here for us to make an intelligent, correct assessment about which option we would like to recommend. I think we've been talking about it since September. So I think we need to get that.

In the same context, you can certainly, even as an exercise, even if it's in camera, look at some cost issues. That also helps, because for some members it may be that the debate and the direction may be shaped by that issue.

Thank you, Madam Chair.

The Chairman: Mr. Wilfert, I have to correct the record. We only started this journey in November.

Mr. Bryon Wilfert: It just seems like September.

The Chairman: While your objectives of proof of identity and integrity of the card look very laudable, in light of the Supreme Court...the fact that they have now ruled that the EI cannot use SIN-linked information collected by Revenue Canada, it seems.... Would it be a fair commentary to say a case could be made that the federal government is the only organization suffering from any restriction on the use of the SIN card? It certainly seems to be an oddity that there are rampant and uncontrolled breaches of privacy using the SIN in the private sector, as we've heard recounted by so many witnesses, yet it has to be one of the greatest ironies here that the federal government can't use the data collected by its own numbering system.

• 1655

The Ontario health system has a different approach, and my understanding is the number can only be used for medical purposes defined by the provincial government. Do you think the privacy of Canadians and the integrity of government programs would be best served if we modelled the SIN on this example? In other words, should we restrict the use of the SIN card to defined purposes of the federal government and prevent its use by credit bureaus, telephone companies, and other private sector organizations? Would that be a helpful recommendation, to eliminate a lot of the abuses in the system?

Mr. John Knubley: I'm going to let Doug Matheson talk about the Ontario health system example. Just on the customs data match, on a point of clarification, this does not directly relate to the SIN. My understanding is the actual data match relates to the E311 card at the border as you're travelling by plane. The name and dates of travel are matched; it has nothing directly to do with the social insurance number.

The Chairman: Are there areas within the current system where you feel it should be used, and are there any restrictions on one department speaking to another for more effective purposes?

Mr. Doug Matheson: There are of course many restrictions, and if we go back to your original point here, the Ontario model is based firmly on the notion that data collected for one purpose by a government agency should not be used for any other purpose. So in the Ontario health system, in order to give effect to that notion, they produced a card with a numbering scheme and an identify scheme of pictures and so on to secure the card, and indicated the card and the numbering on it were to be used solely for the maintenance of the health records of the individuals and solely for the purposes of billing and financial transactions.

If we move back to the arena we're talking about here, the social insurance number, the Privacy Act says that very thing. Data collected for one reason shouldn't be used for any other reason. I think the argument back in 1964 around this being a file identifier was based on that point.

From the point of view of a bureaucrat, putting the weight of the protection of personal privacy on a particular numbering scheme that uniquely identifies an individual and using that as a lever to protect the privacy of individuals is probably not the best possible set of laws you could put in place. If you want to protect the privacy of individuals, I would think you would want a more definitive set of laws that said there were certain liabilities involved, certain penalties for abuse, and a range of other features.

The technical protection, by saying you can't use this number to do a match, is the weakest sort of protection of privacy available. I don't think that's the most efficient means of doing it. In any case, you would have to extend that specifically to the private sector because the federal sector is governed by privacy laws that say we can't use a SIN number to match. But the reason for that isn't because of the SIN number itself; it's because the data that's collected for one purpose is not to be matched and used for another purpose, except under very narrow constraints. The private sector doesn't have any laws of this nature that apply to them, so therein lies some of the difficulty.

The Chairman: It's certainly an irony in the current situation where the government can't look for efficiencies using the SIN number. Do you see a benefit to restricting its use by credit card and telephone companies? Do you see a benefit if we restrict the use of the SIN card in the private sector?

• 1700

Mr. Doug Matheson: Frankly, I don't think you can protect individuals' privacy in that manner. That's my personal view as a bureaucrat.

The Chairman: Thank you very much for venturing a personal opinion.

Mr. Scott and then Mr. Vellacott, on a point of information.

Mr. Andy Scott (Fredericton, Lib.): It seems to some extent we're struggling with the fact that we are obliged to offer a recommendation to deal with a problem—this is the barn door and the horse is long gone. We're trying to sort of catch up with this a little bit.

The information is out there, it's being used in ways that were never intended, and it's nobody's fault. When the information began to be gathered, the technology did not exist to allow it to be used in the fashion in which it's being used. Consequently, that's the case.

The struggle we're having with it now is we have to balance conceptually the values around privacy. I was a member of the committee that looked at privacy, and in fact I think you actually appeared before the privacy hearings with the human rights committee of the last Parliament. So we're struggling with those values of privacy. They're very important to Canadians.

At the same time, we're trying to balance that against an efficacy that would be important to your department, in terms of using this between levels of government, departments and so on. Unfortunately we don't have enough life experience with the practical uses of this information to be able to draw a good conclusion as to how to find that balance. We don't ask you in terms of the values of privacy; that isn't for you to tell us. Those are values we understand, and we have other places to seek that guidance.

What we're trying to get at is the sense of the efficiencies of all of this information so we can find that balance. The fact that it's being abused by all kinds of people in all kinds of ways nobody would like is nobody's fault because it has happened through a certain progression of events.

Where recommendations were made by the human rights committee on this issue before, do you have a reaction to them in the context of helping us?

The second question I would put is, in terms of your relationship with the provinces and information you would obviously exchange with the provinces, is there much practical chance that this information would be used to our benefit or theirs, or to the benefit of the system generally, or are we talking about theoretical practical advantages that don't really exist anyway? In other words, are we compromising privacy perhaps, or maybe contemplating compromising privacy, in the pursuit of something we're not going to get anyway?

Mr. John Knubley: Those are very useful comments. I'm going to let Doug talk about this issue in some detail, but in terms of the relationship with provinces, we feel in the current situation there are linkages. They have needs with respect to the social insurance number because it's used in the areas of welfare and workers' compensation. There are some things we could do there to really make the system more efficient. Without going into the details, that's the bottom line.

With those remarks, I'll turn it over to Doug.

Mr. Doug Matheson: The question you pose is disarmingly simple but is quite complex in its day-to-day applicability. You mix two concepts together in a very straightforward way. You take the concept of the social insurance number as a citizen's unique identifier—and I don't think anybody would dispute the government's legitimate role in identifying its citizens—and link it immediately to the exchange of information about the individual in question. It's here that the privacy issue comes in.

The rule we operate by with the privacy legislation we have is that data collected for one reason can't be used for another, except when it's in the public good. Here we don't have a very clear understanding of what “in the public good” might mean. We have taken that to mean to prevent fraud, to prevent various kinds of crime. There is a problem with balancing that prescription or that understanding with a real legal framework around preventing crime. I think the privacy commissioner spoke at your hearings about “dataveillance”. That kind of a concept continues to be one that is awkward for us because the exchange of information that you're referring to most often is a form of “dataveillance”, the detection of fraud between two agencies.

• 1705

In terms of exchange of information, I think we should also look at the fact that there are two situations at play. One is where it directly benefits the individual. For example, we had a case where some individuals were owed payments, but we couldn't locate them. Yet we had another file that had names of Canadian citizens on it with their current addresses. By linking the two files together, we could in fact find the individuals to whom the government legitimately owed money and make the payment. That's one possibility, but that matching isn't currently permitted. We found, eventually, some bureaucratic ways to resolve the issue, but helping a citizen is clearly one goal.

Most often, the matching of data isn't to help a citizen. It's to help citizenry, or the public in general, through detection of fraud, and it's here that the balance is most difficult to properly define. The current privacy framework, first of all, doesn't apply to the private sector, who may do things with this data as well. Second, it states that things shouldn't happen, but it provides for no framework for punishment or for liability. It provides for no recourse for citizens for this. What has happened is that the onus has been placed by the public on the social insurance number as the one means of preventing the match, because the social insurance number is the one means of uniquely identifying a citizen and making the matching practical.

Hence, the argument tends to rest on the social insurance number in a technical kind of way to prevent abuses of individual citizens' personal data, whereas the privacy laws are too weak to actually do it. I think this was a conclusion that your hearings also reached, so I'm not venturing just my own opinion here; I'm venturing what I think your committee also discovered.

In that regard, our exchanges of information with the province are beneficial in the public interest, because they prevent fraud, and they're widespread, by the way. We exchange data with social service agencies in most jurisdictions for the prevention of fraud, and here it's the prevention of fraud in the provincial realm because we're the first payer. That is, if a citizen qualifies for insurance, we pay. The province only pays welfare in the cases where an individual has no other sources of income and so on.

We help provinces by helping them prevent fraud in their jurisdiction through exchanges of various information. That kind of exchange, though, also gets into the question of what is “dataveillance”? Is this beyond the limits of what is right in terms of protecting an individual's right to personal privacy and a right to their own data?

There is very limited jurisprudence on this in this country, and we continue to try to work cautiously to service both the public good and to protect the rights of citizens.

I ventured my own opinion a moment ago that the current—

The Chairman: We're a liberal committee; you're allowed to offer an opinion.

Mr. Doug Matheson: I ventured my own personal opinion that the current focus on the use of the social insurance number, as a means of preventing matching, is too weak to really do the job. That is, if you don't want matches to take place, I think the law has to say so, as opposed to putting into place some restrictions on the number that uniquely identifies a citizen in the hope that it would protect their privacy by just making it too difficult to do matches.

The Chairman: Thank you very much. We'll ask the clerks or the researchers to provide you with the privacy report on the human rights committee to add to our knowledge.

Mr. Crête followed by Mr. Vellacott.

[Translation]

Mr. Paul Crête: I would like to share with you two pieces of information. First, Quebec has had privacy legislation on the books for the past four years. It safeguards personal information in the private sector. It would be very interesting to see whether the federal legislation on electronic commerce goes that far. It would be rather ironic if we ended up in a situation where the government had fewer rights than the private sector in Canada.

• 1710

Second, on the subject of transient unemployed workers, Justice Tremblay-Lamer noted that the minister could have said he wanted to target potential fraud cases. The judge said the minister had erred by stating that generally speaking, all transient unemployed workers could be looked upon as possible defrauders of the system. That's where he contradicted the legislation. Had he stated that there was sufficient presumption of guilt and that he could target people whom he had singled out to be investigated, then the legislation could have applied. We don't need to amend the law for that.

[English]

The Chairman: Thank you, Mr. Crête. Any comments?

Mr. John Knubley: I do think that Andy Scott has addressed the fundamental issue, which is, what is the balance around the values of privacy versus the efficiency gains to be made in the context particularly of electronic commerce?

I think Doug gave a very good answer around this issue, actually focusing more on privacy issues than efficiency issues.

What I did want to say was that I think on the efficiency side there are very many challenging issues in the context of electronic commerce and the emergence of public key infrastructure, and these are very complicated issues. Mr. Scott challenged departmental officials to state clearly where they sat on the efficiency side. I would like to say it's as complicated as the privacy issues, and this is a hard task to figure out the appropriate balance between privacy and efficiency.

The Chairman: But not too complicated to find a solution, hopefully.

Mr. John Knubley: Hopefully not.

The Chairman: Mr. Vellacott, you have the last round of questions.

Mr. Maurice Vellacott (Wanuskewin, Ref.): There's obviously a difference between EI fraud and the fraudulent use of a SIN number, as in my using somebody else's SIN number or somebody using mine. That to me would be a fraudulent use of the SIN number.

My question is, to what extent is the employment insurance administration using SIN numbers to look for EI fraud—say on a percentage basis of 100%—rather than the fraudulent use of SIN numbers per se? Do you follow the drift of my question?

Mr. John Knubley: I think I can answer your question.

My understanding of the 1,713 cases of SIN fraud is that half of them were related to EI, number one. Second, our focus in terms of pursuing fraud in relation to the employment insurance activity is focused not on SIN itself but actually on the fraudulent activity of claimants in regard to employment insurance.

Mr. Maurice Vellacott: So about 50%, you're saying?

Mr. John Knubley: Yes, 50% of those related to SIN specifically. So there's a very small number in relation to the total number of EI fraud investigations each year, which is about 1,200,000, I believe.

Mr. Maurice Vellacott: Right, so it's not a big percentage that are actually narrowing in on the fraudulent use of the SIN card.

Mr. John Knubley: Yes, it's a very small amount.

Mr. Maurice Vellacott: Okay.

The Chairman: Mr. Johnston followed by Ms. Ablonczy.

Mr. Dale Johnston: Thank you, Madam Chairman.

The public accounts committee is also studying this business of the SIN, and I think it would be beneficial for us to compare notes with the public accounts committee from time to time.

We've heard it said that the original intended use for this number was as a file identifier for CPP, and it was never intended to be a common identifier. But the truth is that it has become a common identifier through osmosis, or evolution or something, and perhaps what we need to do is return to the original intended use and reissue a card that's called the CPP access card or something like that.

As far as our tax records are concerned, and all of the other things it has evolved into.... I heard you say that in order to match up some of these things you had to go back to people's names and addresses, and that's still a pretty fair way to identify people for tax purposes, in my opinion.

• 1715

So what are your feelings on such a radical idea as that?

Mr. John Knubley: I think our focus as administrators is precisely on the legislated use of the social insurance number as a file identifier. There are currently 20 federal programs that are legislated to use the SIN, and CPP would be one of those 20 programs.

I think the problems arise especially in relation to the private sector, and this has occurred primarily as a result of Revenue Canada and the requirement of using the social insurance number in relation to tax filing. This has led banks and other private sector groups to use the social insurance number in a way that was not originally anticipated.

Again, that's the scenario we face. From our perspective as federal administrators of the program, the social insurance number is being used within our sphere of activity for the purposes of a file identifier.

Mrs. Diane Ablonczy: If this committee were to recommend legislation that would simply do away with the SIN, and legislation were put in place to achieve that, what challenges would that provide to you as administrators, and what kind of a timeframe would you think would be required to make the necessary adjustments?

Mr. Doug Matheson: I think what would happen would be that the elimination of the social insurance number would eliminate the only method we have to uniquely identify each citizen. The name of a citizen does not uniquely identify the citizen, and their address is variable. So by eliminating the number, we eliminate our ability in a community as large as Canada to uniquely identify each individual citizen.

Your question would then be, what problems would we have as administrators if we couldn't uniquely identify each individual and the transactions that those individuals have with us? How would we keep those transactions from being confused?

In terms of service transactions, it's probably not a killing issue. But in terms of financial transactions, it would be quite onerous.

For example, for individuals who are remitting contributions to programs or taxes to the government, we would have a great deal of difficulty keeping straight their contributions file to make sure each individual was credited correctly. What it would probably lead to is the invention on our part of some other method of uniquely identifying individuals.

I suppose if I go one step forward from that, in the move towards electronic commerce, something we are all considering from a bureaucrat's point of view is what role the government might play in electronic commerce, and some method of identifying each citizen uniquely is essential.

Think about a very small community for a moment, where you have only maybe 100 people, everybody knows everybody else, and there's never a question of identity. That's essentially what we're trying to achieve in a community as large as this country, and I think most of us would understand that a legitimate role of government is to be able to identify all of its members in some fashion. The unique identification of each citizen is one of the essential ingredients to carrying on government business with each citizen.

The method of carrying out that role right now is a social insurance number. So if you simply pass legislation to remove it, we would struggle to find an administrative replacement. I think it would be quite difficult.

Mr. Dennis Kealey: I want to give you a more specific illustration of the difficulty.

We administer the Old Age Security and the Canada Pension Plan. There's about a 60% overlap of clients; that is, individuals receiving both benefits. If we didn't have the SIN, which is common to both programs, we would still have to have a numeric identifier. Presumably it would be different in both sets of files. If we had separate, numeric file identifiers for both of the programs, we would lose efficiencies on entering addresses, recording deceased persons, all those kinds of things, and that's just within the realm of income security programs.

• 1720

Mrs. Diane Ablonczy: You can't live with it and you can't live without it.

Mr. John O'Reilly: There are not many Ablonczys out there, but there are a lot of Smiths and Johnstons.

Mrs. Diane Ablonczy: And O'Reillys.

Let's get back to the problems with the system. As you know, there's a lot of abuse, and that's why we're here really, because this has become an issue, rightly or wrongly. One of the things we know is that there's no federal legislation that governs the use of SIN numbers by the private and public sectors, and really the procedures for investigating and laying charges for abuse or fraud are pretty unclear.

The Ontario government, in 1991—not the present government, but the former one—brought in this Health Cards and Numbers Control Act, which you seemed to have some familiarity with when you responded to the chairman. Apparently, this has been a very effective system for them. The question is, is this kind of legislation on the agenda of your working group, working group 3, in examining ways we can tighten up the system?

Mr. John Knubley: I understand that it's on our work plan for working group 2.

Mr. Doug Matheson: No. It's on the working group for track 2, which is examining the various options.

Mr. John Knubley: I'm sorry.

Mr. Doug Matheson: It is an option we are considering.

I think Madam Chairman raised the point of whether or not we could emulate the Ontario situation by restricting the usage, and I think my response then, as I would respond to you now, was that we could in fact do that. We are considering how it might be carried out, as one of several options. But it does have the weakness I pointed to; that is, it places the burden of protecting an individual's privacy solely on the social insurance number, which in my opinion is an unfair place to put it. That is a weakness that would exist with that scheme.

At the same time, it would also totally eliminate possible efficiencies that could come from using this number in an electronic commerce mode for purposes other than that for which it was originally defined. For example, in the Ontario scheme they're unable to use for drivers' licences the health number system and the identity they've given to each of their citizens. They have to have a totally different scheme of identifying individuals for their drivers' licences because their legislation prevents any efficiency gains from a cross-reference between the two.

Mrs. Diane Ablonczy: So you are examining these issues—

Mr. Doug Matheson: Oh, yes.

Mrs. Diane Ablonczy: —and you are going to make some recommendations.

I think you can see that the response of the committee is this: so what if there are separate private systems for each of the programs? It may not be quite as convenient, but certainly we wouldn't have some of the problems we have today.

Also, the work plan doesn't really mention this whole area of privacy, which I think you can see from the committee's questions to you is a huge issue. I wondered why the Office of the Privacy Commissioner wasn't included in your working groups on either a formal or an informal basis.

Mr. John Knubley: They are involved in our working groups.

Mrs. Diane Ablonczy: It's not on your work plan.

Mr. John Knubley: Then it's an oversight.

Just to clarify a little further, it is important for you to understand that HRDC is primarily the administrator of the program. On all of these issues, particularly what we've just called track 2, that is, the big policy question, we need to work very closely with our other federal departments, particularly Treasury Board, which is in fact in the lead with regard to policy and guidelines on this issue. In relation to the private sector, Industry Canada has responsibilities here and has already undertaken activity in relation to Bill C-54.

So while I know this isn't a satisfactory answer to you, the people you are talking to today are the administrators of the program, and that is our focus. To address some of these broader policy options, we have to deal with our Treasury Board and Industry Canada colleagues, among others, as well as the privacy officials.

• 1725

Mrs. Diane Ablonczy: I would just point out that if privacy is an integral part of what you're doing—and I would suggest it is—it doesn't give us a lot of comfort for you to say somebody else has to look after that, that's not our job. Surely, this is integrated, and as the coordinators of the work plan, you have to make sure that gets done and not say, I hope somebody else is doing it somewhere.

Mr. John Knubley: I totally agree. In terms of how we administer the program, we work very closely with the privacy commissioner and his people.

Mrs. Diane Ablonczy: I suggest that it would be helpful if you identified that in your work plan so that we can see exactly what the scope of this really is.

Mr. John Knubley: Agreed.

The Chairman: I see that there are many more questions, but unfortunately time has run out. However, we'd like to reserve the right to pursue this at least in writing with more questions from members.

Thank you very much for coming. Your insights were very helpful.

Mr. John Knubley: Thank you.

The Chairman: The meeting is adjourned.