;

HUMA Committee Report

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

Committee Report

INTRODUCTION

Over the past five years, the Auditor General and this Committee have examined and reported on problems associated with the management of the Social Insurance Number (SIN) and the Social Insurance Register (SIR). On 28 November 2002, the Committee held a meeting to review the findings of the Auditor General of Canada’s 2002 audit of the SIN. On 13 February 2003, we held another meeting to examine Human Resources Development Canada’s (HRDC) Action Plan to address the problems identified in the Auditor General’s latest audit of the SIN.

Although we do not know the exact size of the gap between the number of SINs issued and the potential number of SIN users, we recognize that it will take some time to restore integrity to the SIR. Members of the Committee are pleased that HRDC has increased its fraud investigation activities, has developed a fraud-screening program and has begun to develop a comprehensive risk management strategy for conducting SIN investigations. We are also pleased that HRDC has begun to de-activate dormant SINs and intends to introduce an expiry date on SINs used by temporary residents.

While these measures will undoubtedly serve to improve the quality of the data in the SIR, the Committee has serious concerns with some of the other elements of HRDC’s Action Plan to improve the SIN system. In particular, we do not know if the Plan is fully funded and we doubt that the recent modifications to the documents that may be used in applying for a SIN respect the requirements of the Employment Insurance Act and Regulations. In addition, Members of the Committee believe that more needs to be done to insure that SINs are used for their intended purpose, and that HRDC establish deadlines for all initiatives in the Action Plan and report regularly on progress implementing the Plan.

AN OVERVIEW OF THE PROBLEM

The Social Insurance Number (SIN) was created in 1964 as a file identifier for the Canada Pension Plan, the Quebec Pension Plan and the Unemployment Insurance Program (now Employment Insurance). However, the use of the SIN has grown considerably since then, and has become a personal identifier in both the public and private sectors. The Canada Employment Insurance Commission is responsible for the administration of the SIN. Human Resources Development Canada (HRDC) issues SINs on behalf of the Commission and maintains the Social Insurance Register, which contains relevant information on individuals who apply for a SIN.

It is important to note that HRDC does not have sole responsibility for the SIN. The Treasury Board Secretariat is responsible for developing policy and issuing guidelines that govern the use of the SIN at the federal level. The Department of Justice provides legal advice on SIN-related questions pertaining to the Privacy Act and responds to public inquiries regarding inappropriate use of the SIN in the private sector. The Privacy Commissioner investigates SIN-related complaints and monitors compliance with the Privacy Act in his reports to Parliament.

Despite the ongoing vigilance of the Auditor General of Canada, this Committee and others, the administration of the SIN has been problematic for too many years. In 1998, the Auditor General conducted an audit of the SIN and identified many problems with respect to the way in which this activity is managed. This Committee also initiated a study of the SIN system in the same year and tabled its unanimous report, entitled Beyond the Numbers, on 4 May 1999. That report contained 21 recommendations chief among which were: immediate action to correct abuses of the management and control of the SIN system (with a draft bill — The Social Insurance Numbers Control Act — to be presented by 31 December 1999); a government study of the longer term solutions with special attention to data-matching and privacy, based on more complete information about the impact and use of the SIN in the public and private sectors; regulatory reforms to deal with abuse of temporary cards and an action plan with regard to timely investigations of fraud, including progress reports to Parliament; a public information campaign on the legitimate use of the SIN; and appropriate and regulated exchange of vital statistics with the provincial and territorial governments in order to maintain the integrity of the information contained in the SIR.

The government tabled two responses in the House of Commons to the Committee’s report. The first response, released on 16 November 1999, dealt with administrative issues. In this response, the government rejected the Committee’s recommendation for a new act to protect SINs, since it believed that these would be protected through Bill C-6 — since proclaimed as the Personal Information Protection and Electronic Documents Act — among other government actions and plans. The government also rejected the idea of issuing new SIN cards with biometric identification, because the government estimated the cost of issuing a “smart” SIN card as somewhere between $1.2 billion and $3.6 billion (excluding the additional costs to be incurred in the periodic re-registration of SIN cardholders). As for the privacy concerns that the Committee put forward, the government response maintained that the body of case law based on the Charter, the Criminal Code and the Privacy Act, responded to the Committee's concerns in terms of privacy protection in the federally regulated sector. The government agreed in full with the remaining recommendations and also agreed to provide additional details on the administration of the SIN in HRDC’s annual Performance Reports. The government also undertook to implement a communication strategy to inform Canadians of the proper use of the SIN and to take steps to ensure that only information clearly relevant to the verification of an applicant's identity would be requested. It agreed to an expiry date for temporary cards and indicated that existing temporary cards had been reviewed and that those that were inactive (i.e., not used for 5 years) had been identified.

The government's second response, tabled on 31 December 1999, dealt with the Committee’s policy-related recommendations. In this regard, the government rejected the idea of new legislated restrictions on the use of the SIN and cited the increased costs that this would entail for private businesses (whose use of the SIN for their own purposes was unauthorized). The government also rejected the suggestion to establish a national identity system, an issue that has resurfaced following the horrific events of 11 September 2001. Finally, the government reaffirmed that the existing SIN system was still appropriate (given its announced intentions to improve the administration and control of the SIN).

During a meeting to discuss the government responses, HRDC officials assured the Committee that SIN issues (including privacy) were being appropriately dealt with by HRDC and that the Department was following Treasury Board guidelines and the advice of the Privacy Commissioner with regard to the administration of the SIN system. They also told the Committee that HRDC would not be able to provide additional information regarding improvements to the administration of the SIN system until various administrative issues (e.g., reports from 5 internal taskforces in the Spring of 2000, funding and passage of the Personal Information Protection and Electronic Documents Act) had run their course.

HRDC officials also repeated the arguments in the response that Bill C-6 (enacted since as the Personal Information Protection and Electronic Documents Act) would address SIN-related issues and that the government wanted to avoid a debate that might prove inconsistent with the proposed law. The Committee was told that the SIN was only one element of a broad and ongoing debate related to electronic commerce and the protection of personal information that was being led by the Treasury Board.

In 2000, the Auditor General conducted a follow-up audit to the 1998 audit and reported that some improvements had been made in SIN records and that the number of SIN-related fraud investigations had increased. Given these findings and the expectation that HRDC was well on its way to enhancing the integrity of the SIN, Members of this Committee were disappointed with HRDC’s activities as reported in the Auditor General’s subsequent 2002 audit, that identified significant and continuing inadequacies regarding SIN administration and the integrity of the Social Insurance Register.

The September 2002 Report of the Auditor General found that:

the Social Insurance Register (SIR) still contains significant variances from population estimates. If dormant SINs (i.e., 2.6 million) are removed from the SIR, there would still be 2.4 million SINs more than the Canadian population over 20 years old;
HRDC is using the SIN for some of its own programs without obtaining the required approval from the Treasury Board;
although the Employment Insurance Regulations specifically require HRDC to determine both the identity and citizenship status of SIN applicants, HRDC does not respect the intent of the Employment Insurance Act or Regulations in this regard;
HRDC staff focus more on satisfying the SIN applicant than on safeguarding the integrity of the SIN application process;
job responsibilities, training tools and information for issuing SINs vary greatly among local HRDC offices;
since the 1998 audit, HRDC has made no changes in the way it controls the 900-series SINs (i.e. temporary SINs held by non-citizens and non-residents);
HRDC’s staff do not systematically require applicants of a 900-series SIN to demonstrate why they need a SIN, even though this is specified in the Employment Insurance Act and Regulations;
HRDC has not determined the extent and nature of SIN-related fraud and it has not analysed the link between the results of its fraud investigations and the risks associated with the way the Department issues SIN cards; and
there is still no formal training program for SIN investigators.

THE ACTION PLAN

When the Associate Deputy Minister of HRDC, Ms. Maryantonett Flumian, appeared before the Committee on 28 November 2002, she promised to table HRDC’s Social Insurance Number Action Plan with both the Auditor General and this Committee. Distributed to Members of the Committee on 10 December 2002, this Plan consists of 14 initiatives, the successful completion of which is contingent on suitable funding and the involvement of other federal departments and agencies. The 14 initiatives that comprise the current Action Plan are:

to use the SIN only where authorized by the Treasury Board;
to ensure that the reporting on improvements to quality of the information in the Social Insurance Register (SIR) is clear;
to ensure that policies and practices for determining identity and citizenship status of SIN applicants respect the intent of the Employment Insurance Act and Regulations;
to re-consider goals for 900-series SINs and revise policies and practices accordingly;
to assess the reliability of all identity and citizenship documents accepted for SIN applications;
to strengthen the Proof of Identification program for SIN applications;
to set goals for the completeness and accuracy of the SIR and take the necessary steps to meet them;
to place an expiry date on 900-series SINs;
to reduce the number of usable SINs in the SIR;
to adopt a risk-based approach to investigating SIN-related fraud;
to assess the effectiveness of SIN public awareness activities;
to develop a means of checking the validity of identity and citizenship documents with the authorities that issued them;
to ensure that staff has the proper training and tools; and
to develop agreements with partners to improve the integrity of the SIR.

As noted in the Action Plan, HRDC initiated a number of measures on 8 October 2002. These measures include accepting only original identity documents for SIN applications, deactivating SINs that have not been used in the previous five years and obtaining authority to introduce expiry dates on 900-series SINs (i.e., those belonging to individuals who are neither Canadian Citizens nor permanent residents). HRDC has also initiated discussions with Citizenship and Immigration Canada for access to immigration data to establish proof of identity and need for a SIN regarding applicants who are not permanent residents and to validate the identity of foreign-born citizens. HRDC has also initiated discussions with some provinces to validate SIN application information against vital statistics information. In terms of staff training, HRDC has updated its computer-based training course and provided staff with an Identification Document Guide to help them recognize false documents. New tools, such as ultraviolet lights, have also been provided to help staff detect false documents.

While the Committee is heartened by HRDC’s recent efforts to manage the SIN better, many Members of the Committee are frustrated by the slow progress that this Department has demonstrated in the past five years to address this very important problem. We are also not convinced that HRDC’s current Action Plan is sufficient to do the job.

I. Funding

The Action Plan states that the completion of each of the initiatives outlined above is contingent on the availability of suitable funding. While this is understandable, we are mindful of the fact that a lack of funding was cited as a key reason for not fully implementing HRDC’s previous action plan to fix the SIN. Many of us are concerned that HRDC has not yet demonstrated a strong enough commitment to secure the necessary funding to implement its Action Plan. During our meeting on 13 February 2003, the Assistant Auditor General, Ms. Maria Barrados, said that “we expected that the Department would have a clear idea of what the cost would be and would secure appropriate resources before providing an action plan to the Committee.”¹ We share this expectation.

During the same meeting, the Associate Deputy Minister, Ms. Maryantonett Flumian, indicated that HRDC had initiated all of the steps required to secure funding for the Action Plan and that it expected to obtain these resources in Supplementary Estimates for 2002-2003. Moreover, she indicated that some resources have already been reallocated within HRDC to begin implementing the Action Plan. We doubt very much that a one-time funding allocation will be sufficient to improve the administration of the SIN and enhance the integrity of the Social Insurance Register as outlined in the Action Plan. Since the Associate Deputy Minister was unable to inform the Committee of the overall costs associated with the Action Plan, Members of the Committee have no way of knowing whether the funds that may be forthcoming in the Supplementary Estimates will sufficiently cover Action Plan costs in the remainder of this fiscal year. In addition, the Associate Deputy Minister did not address the issue of on-going funding or assure the Committee that HRDC would identify internal funds to get the job done in the event that additional funding cannot be obtained.

In our opinion, the Department has delayed for far too long in committing the financial resources necessary to fix the SIN. No doubt the funding of the Social Insurance Number Action Plan will be one of the areas that this Committee studies during its review of the Main Estimates for 2003-2004.

Recommendation

1. The Committee recommends that the government ensure that adequate funding be made available through new or existing sources so as to ensure the successful implementation of all the elements of the Social Insurance Number Action Plan and any other measure that may be required to restore the integrity of the SIN and the SIR.

II. Respecting the Legislation Underlying the SIN

As noted previously, in her 2002 audit of the administration of the SIN, the Auditor General expressed the view that HRDC’s SIN application process does not respect the intent of the Employment Insurance Act or Regulations in determining both the identity and citizenship status of SIN applicants.

According to section 138 (2) of the Employment Insurance Act, the Canada Employment Insurance Commission shall maintain a register containing the names of all insured persons registered with the Commission and such other information as it determines is required to identify accurately all persons so registered. To do this, the Employment Insurance Regulations state that, among other things, every application for the registration of a person shall be accompanied by such documents and other information as is sufficient to determine the identity and status (i.e., Canadian citizenship or immigration status) of the applicant.² The Employment Insurance Regulations do not specify which documents are considered sufficient to determine the identity of SIN applicants.

On 8 October 2002, HRDC announced that SIN applicants would be required to present one original primary document from an approved list as proof of identity when applying for a SIN.³ As in the past, some of these primary documents cannot be linked conclusively to the applicant. For instance, an original birth certificate is an approved primary document, but it does not in itself prove the identity of the applicant. In our view a Canadian passport, for example, is a more rigorous proof of identity document but, unfortunately, it is not on HRDC’s approved list. Moreover, since some of the approved documents alone cannot prove the identity of the applicant, Members of the Committee wonder why only one document is required to apply for a SIN.

Many Members of the Committee do not believe that the documents HRDC has decided to accept as proof of identity currently allow the Department to establish conclusively the identity of SIN applicants as required by the Employment Insurance Act and Regulations. When the Associate Deputy Minister, Ms. Maryantonett Flumian, appeared before the Committee on 13 February 2003, she indicated that HRDC decided to accept, for the time being, the aforementioned list of primary documents rather than establish a more rigorous application process. For the longer term, HRDC sought the advice of an interdepartmental Committee, which is supposed to report in September 2003 on other modifications HRDC can initiate regarding this matter. In short, it would seem that HRDC opted for a half measure, believing it to be an acceptable compromise between protecting the integrity of the SIN and serving Canadians. However, many Members of the Committee consider that the Department has settled for an application process that neither conforms to the letter of the law nor minimizes the potential for compromising the SIN system.

Taking into consideration the broader public-policy debate regarding issues of security in the aftermath of the terrorists attacks in the United States on 11 September 2001 and the current Canadian debate on the need for a national identity card, the Committee is well aware that establishing identity has taken on greater importance in Canada as in other countries. The Committee is also aware that identity fraud poses threats to privacy, security and the integrity of publicly funded services. It is thus imperative that HRDC take immediate action to ensure that it is meeting the requirements of the Employment Insurance Act and Regulations for determining the citizenship and identity of SIN applicants. HRDC could emulate the application process used in other federal programs where additional controls have been put in place to verify the identity of applicants. For example, the proof-of-identity program used by the Passport Office requires that an eligible guarantor sign the application attesting to the authenticity of the statements contained in the application and certifying that the photos submitted are a true likeness of the applicant. As well, HRDC should take into consideration the application process set up by Citizenship and Immigration Canada that requires two pieces of identification with a photo and other primary documents to establish proof of identity before issuing a Certificate of Canadian Citizenship.

Recommendation

2. The Committee recommends that:

Human Resources Development Canada immediately require all new applicants for a SIN to provide, in addition to one of the currently accepted primary documents, one other document that contains a photograph of the applicant (e.g., passport, driver’s licence, etc.) or, if photo identification is not possible, at least two other identification documents;

By 1 January 2004, Human Resources Development Canada determine which type of photo identification documents will be required to apply for a Social Insurance Number, including photographs accompanied by a guarantor’s declaration like that required when applying for a Canadian Passport;

Once the government has made a decision regarding photo identification documents, the government amend the Employment Insurance Regulations to list all acceptable identification documents and to require individuals to provide at least two original identity documents, including one photo identity document, when applying for a Social Insurance Number.

III. Appropriate Use of the SIN and Personal Information on Applicants

As indicated in the Action Plan, HRDC intends to develop a means of checking the validity of the information provided by SIN applicants by comparing the information on identity and citizenship documents with that contained in the vital statistics registries of the provinces and territories. While Members of the Committee encourage HRDC to establish this safeguard as quickly as possible, some of us are concerned that such information sharing may pose certain threats to individuals’ privacy. Measures should be in place therefore to restrict access to those data elements required to validate the information contained in the proof of identity documentation submitted. Improving the proof of identity and citizenship procedures in the SIN application process will go a long way in reducing the scope and incidence of fraud and abuse, but this alone will not eliminate the possibility that a SIN, once issued, may be fraudulently used to access publicly funded programs. As the Auditor General pointed out in the 1998 audit of the SIN, a secondary system of identity verification is necessary at the point of use to confirm that the person presenting the card is in fact the person to whom the card was assigned.

The Committee is also concerned that HRDC has not provided any information that would indicate that the de facto use of the SIN as a national identifier has been curbed. The Associate Deputy Minister stated that a public awareness campaign on the proper use of the SIN was completed in 2001 and that an evaluation is underway to assess its effectiveness. She told the Committee that, based on the results of that evaluation, HRDC plans to develop and implement a communication strategy targeting specific groups who may still be unaware of the appropriate use of a SIN. The Committee will wait until this strategy is released, but Members of the Committee would like to remind HRDC that, according to Chapter 11 of the 2002 Report of the Auditor General, the public awareness activities of 2001 and 2002 were limited in scope and that, as a consequence, a communication strategy to reach a wider audience might be necessary and should be anticipated.

The Committee is mindful of the fact that the Personal Information Protection and Electronics Document Act will not be fully implemented until 2004. This law does not specifically deal with the SIN, but captures it in the definition of personal information. In conjunction with HRDC’s commitment to implement a communication strategy, this law may be effective in curbing what many of us perceive to be widespread inappropriate use of SINs. It is extremely contradictory for the federal government to expect others to properly use the SIN when it fails to do so itself. There is absolutely no excuse for HRDC’s unauthorized use of the SIN in any of its programs. While the Action Plan indicates that HRDC programs will be compliant with Treasury Board’s list of programs authorized to use the SIN by March 2003, we are not convinced that this problem is resolved. The Treasury Board Secretariat has initiated a government-wide review of compliance of federal institutions with Treasury Board’s policy on use of the SIN and is expected to report its findings to the Treasury Board by June 2003.

Recommendation

3. The Committee recommends that:

· Human Resources Development Canada reassess its plans for the 2003-2004 communication strategy to inform specific groups on the proper use of the SIN with a view to delivering this strategy to a larger public by using, for example, the national media as recommended in Chapter 11 of the 2002 Report of the Auditor General of Canada;

· The Treasury Board act quickly to revise its policy and guidelines if warranted by the Secretariat’s findings regarding compliance of federal institutions with policies on the use of the SIN;

· One year after the complete implementation of the Personal Information Protection and Electronics Document Act, the government conduct a review to determine if specific legislation is required to curb the improper use of the SIN.

IV. Deadlines and Progress Reporting

It is virtually impossible to assess the implementation and progress of HRDC’s Action Plan in the absence of deadlines for specific actions and reports on progress. Of particular note, the Action Plan is open-ended with respect to establishing a comprehensive baseline for the completeness and reliability of the Social Insurance Register; to setting goals for the completeness and accuracy of the Social Insurance Register; to finding ways of strengthening the proof of identity for SIN applicants; and to developing agreements with partners to improve the integrity of the Social Insurance Register. These actions are vital to the success of HRDC’s Action Plan. Members of the Committee believe that HRDC should be clearer as to when these actions will be completed.

Although progress reporting was discussed during our meeting on 28 November 2002 with the Auditor General, Ms. Sheila Fraser, and the Associate Deputy Minister, Ms. Maryantonett Flumian, the Action Plan does not provide for regular progress reports. In view of HRDC’s past failure to address many of the problems identified in the Auditor General’s 1998 audit and given the empty assurances provided by HRDC officials to the Committee during its follow-up meeting on Beyond the Numbers, the Committee believes that the Action Plan should provide for regular progress reports. In the absence of regular reporting, the Auditor General of Canada, this Committee and any other interested party will have no means to gauge the extent and speed of progress. This is important not only in terms of the funding issue identified earlier, but also in terms of monitoring the involvement and co-operation of other government departments and agencies which play an important role in the implementation of the Action Plan.

Recommendation

4. The Committee recommends that:

· Human Resources Development Canada include in its Action Plan deadlines for achieving all of the actions associated with the 14 initiatives listed in the Plan;

· Human Resources Development Canada provide semi-annual progress reports to the Auditor General of Canada and the Standing Committee on Human Resources Development and the Status of Persons with Disabilities outlining the status of all of the actions associated with the 14 initiatives in the Plan. In instances where deadlines are missed, an explanation and a description of corrective action to be taken should be provided.

1 House of Commons Standing Committee on Human Resources Development and the Status of Persons with Disabilities,
Evidence (15:25), Meeting No. 13, 13 February 2003.

2 Employment Insurance Regulations, Part V, Administrative Provisions, Section 89.

3    A Canadian citizen or a Registered Indian may present a Certificate of Birth or Birth Certificate; a Certificate of Canadian
        Citizenship; a Population List; or, a foreign birth certificate and Certificate of Indian Status (for Registered Indians born
        outside Canada). A permanent resident may present a Permanent Resident Card; a Confirmation of Permanent Residence
        and Visa counterfoil in foreign passport; a Confirmation of Permanent Residence and Visa counterfoil on Single Journey
        Document for Resettlement to Canada; a Record of Landing (this document will be phased out starting June 2003 and
        eliminated by December 31st, 2003); a Confirmation of Landing (will no longer be accepted after December 31st, 2003);
        or, a Returning Resident Permit (will no longer be accepted after December 31st, 2003). An individual who is neither a
        Canadian Citizen nor a Permanent Resident may present an Employment Authorization/Work Permit; a Student Authorization/
        Study Permit; a Visitor Record; a Permit to Come into or Remain in Canada/Temporary Resident Permit; an Extension of
        Permit/Extension to Temporary Resident Permit (will no longer be accepted after December 31st, 2005); a Determination of
        Eligibility/Consideration of Eligibility; a Consideration of Eligibility and CIC letter (when refugee claim is ineligible); or, a Diplomatic
        Identity Card issued by the Department of Foreign Affairs and International Trade (only Category "D", with a letter of permission
        of employment, is acceptable). (see: http://www.hrdc-drhc.gc.ca/sin-nas/t120_e.html)