HUMA Committee Report
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
INTRODUCTION
Over the past
five years, the Auditor General and this Committee have examined and reported on
problems associated with the management of the Social Insurance Number (SIN) and
the Social Insurance Register (SIR). On 28 November 2002, the Committee held a
meeting to review the findings of the Auditor General of Canada’s 2002 audit
of the SIN. On 13 February 2003, we held another meeting to examine Human
Resources Development Canada’s (HRDC) Action Plan to address the problems
identified in the Auditor General’s latest audit of the SIN.
Although we do
not know the exact size of the gap between the number of SINs issued and the
potential number of SIN users, we recognize that it will take some time to
restore integrity to the SIR. Members of the Committee are pleased that HRDC has
increased its fraud investigation activities, has developed a fraud-screening
program and has begun to develop a comprehensive risk management strategy for
conducting SIN investigations. We are also pleased that HRDC has begun to
de-activate dormant SINs and intends to introduce an expiry date on SINs used by
temporary residents.
While these
measures will undoubtedly serve to improve the quality of the data in the SIR,
the Committee has serious concerns with some of the other elements of HRDC’s
Action Plan to improve the SIN system. In particular, we do not know if the Plan
is fully funded and we doubt that the recent modifications to the documents that
may be used in applying for a SIN respect the requirements of the Employment
Insurance Act and Regulations. In addition, Members of the Committee believe
that more needs to be done to insure that SINs are used for their intended
purpose, and that HRDC establish deadlines for all initiatives in the Action
Plan and report regularly on progress implementing the Plan.
AN
OVERVIEW OF THE PROBLEM
The Social
Insurance Number (SIN) was created in 1964 as a file identifier for the Canada
Pension Plan, the Quebec Pension Plan and the Unemployment Insurance Program
(now Employment Insurance). However, the use of the SIN has grown considerably
since then, and has become a personal identifier in both the public and private
sectors. The Canada Employment
Insurance Commission is responsible for the administration of the SIN. Human
Resources Development Canada (HRDC) issues SINs on behalf of the Commission and
maintains the Social Insurance Register, which contains relevant information on
individuals who apply for a SIN.
It is important to note that HRDC does not have sole
responsibility for the SIN. The Treasury Board Secretariat is responsible for
developing policy and issuing guidelines that govern the use of the SIN at the
federal level. The Department of Justice provides legal advice on SIN-related
questions pertaining to the Privacy Act and responds to public inquiries
regarding inappropriate use of the SIN in the private sector. The Privacy
Commissioner investigates SIN-related complaints and monitors compliance with
the Privacy Act in his reports to Parliament.
Despite the ongoing vigilance of
the Auditor General of Canada, this Committee and others, the administration of
the SIN has been problematic for too many years. In 1998, the Auditor General
conducted an audit of the SIN and identified many problems with respect to the
way in which this activity is managed. This Committee also initiated a study of
the SIN system in the same year and tabled its unanimous report, entitled Beyond
the Numbers, on 4 May 1999. That report
contained 21 recommendations chief among which were: immediate action to correct
abuses of the management and control of the SIN system (with a draft bill — The Social Insurance Numbers Control Act — to be presented by 31 December 1999); a
government study of the longer term solutions with special attention to
data-matching and privacy, based on more complete information about the impact
and use of the SIN in the public and private sectors; regulatory reforms to deal
with abuse of temporary cards and an action plan with regard to timely
investigations of fraud, including progress reports to Parliament; a public
information campaign on the legitimate use of the SIN; and appropriate and
regulated exchange of vital statistics with the provincial and territorial
governments in order to maintain the integrity of the information
contained in the SIR.
The government tabled two responses in
the House of Commons to the Committee’s report. The first response, released
on 16 November 1999, dealt with administrative issues. In this response, the
government rejected the Committee’s recommendation for a new act to protect
SINs, since it believed that these would be protected through Bill C-6 — since proclaimed as the Personal
Information Protection and Electronic Documents Act — among other government actions
and plans. The government also rejected the idea of issuing new SIN cards with
biometric identification, because the government estimated the cost of issuing a
“smart” SIN card as somewhere between $1.2 billion and $3.6 billion
(excluding the additional costs to be incurred in the periodic re-registration
of SIN cardholders). As for the privacy concerns that the Committee put forward,
the government response maintained that the body of case law based on the Charter,
the Criminal Code and the Privacy
Act, responded to the Committee's concerns in terms of privacy protection in
the federally regulated sector. The
government agreed in full with the remaining recommendations and also agreed to
provide additional details on the administration of the SIN in HRDC’s annual
Performance Reports. The government also undertook to implement a communication
strategy to inform Canadians of the proper use of the SIN and to take steps to
ensure that only information clearly relevant to the verification of an
applicant's identity would be requested. It agreed to an expiry date for
temporary cards and indicated that existing temporary cards had been reviewed
and that those that were inactive (i.e., not used for 5 years) had been
identified.
The government's
second response, tabled on 31 December 1999, dealt with the Committee’s
policy-related recommendations. In this regard, the government rejected the idea
of new legislated restrictions on the use of the SIN and cited the increased
costs that this would entail for private businesses (whose use of the SIN for
their own purposes was unauthorized). The government also rejected the
suggestion to establish a national identity system, an issue that has resurfaced
following the horrific events of 11 September 2001. Finally, the government
reaffirmed that the existing SIN system was still appropriate (given its
announced intentions to improve the administration and control of the SIN).
During a meeting to discuss the government responses,
HRDC officials assured the Committee that SIN issues (including privacy) were
being appropriately dealt with by HRDC and that the Department was following
Treasury Board guidelines and the advice of the Privacy Commissioner with regard
to the administration of the SIN system. They also told the Committee that HRDC
would not be able to provide additional information regarding improvements to
the administration of the SIN system until various administrative issues (e.g.,
reports from 5 internal taskforces in the Spring of 2000, funding and passage of
the Personal Information Protection and Electronic Documents Act) had run their
course.
HRDC officials also repeated the arguments in the
response that Bill C-6 (enacted since as the Personal Information Protection and
Electronic Documents Act) would address SIN-related issues and that the
government wanted to avoid a debate that might prove inconsistent with the
proposed law. The Committee was
told that the SIN was only one element of a broad and ongoing debate related to
electronic commerce and the protection of personal information that was being
led by the Treasury Board.
In 2000, the Auditor General conducted a follow-up audit to the 1998
audit and reported that some improvements had been made in SIN records and that
the number of SIN-related fraud investigations had increased.
Given these findings and the expectation that HRDC was well on its way to
enhancing the integrity of the SIN, Members of this Committee were disappointed
with HRDC’s activities as reported in the Auditor General’s subsequent 2002
audit, that identified significant
and continuing inadequacies regarding SIN administration and the integrity of
the Social Insurance Register.
The September
2002 Report of the Auditor General found that:
- the Social Insurance Register
(SIR) still contains significant variances from population estimates. If
dormant SINs (i.e., 2.6 million) are removed from the SIR, there would still
be 2.4 million SINs more than the Canadian population over 20 years old;
- HRDC is using the SIN for some
of its own programs without obtaining the required approval from the
Treasury Board;
- although the Employment
Insurance Regulations specifically require HRDC to determine both the
identity and citizenship status of SIN applicants, HRDC does not respect the
intent of the Employment Insurance Act or Regulations in this regard;
- HRDC staff focus more on
satisfying the SIN applicant than on safeguarding the integrity of the SIN
application process;
- job responsibilities, training
tools and information for issuing SINs vary greatly among local HRDC
offices;
- since the 1998 audit, HRDC has
made no changes in the way it controls the 900-series SINs (i.e. temporary
SINs held by non-citizens and
non-residents);
- HRDC’s staff do not
systematically require applicants of a 900-series SIN to demonstrate why
they need a SIN, even though this is specified in the Employment Insurance
Act and Regulations;
- HRDC has not determined the
extent and nature of SIN-related fraud and it has not analysed the link
between the results of its fraud investigations and the risks associated
with the way the Department issues SIN cards; and
- there is still no formal training program for SIN investigators.
THE
ACTION PLAN
When the
Associate Deputy Minister of HRDC, Ms. Maryantonett Flumian, appeared before the
Committee on 28 November 2002, she promised to table HRDC’s Social Insurance
Number Action Plan with both the Auditor General and this Committee. Distributed
to Members of the Committee on 10 December 2002, this Plan consists of 14
initiatives, the successful completion of which is contingent on suitable
funding and the involvement of other federal departments and agencies. The 14
initiatives that comprise the current Action Plan are:
- to use the SIN only where
authorized by the Treasury Board;
- to ensure that the reporting
on improvements to quality of the information in the Social Insurance
Register (SIR) is clear;
- to ensure that policies and
practices for determining identity and citizenship status of SIN applicants
respect the intent of the Employment Insurance Act and Regulations;
- to re-consider goals for
900-series SINs and revise policies and practices accordingly;
- to assess the reliability of
all identity and citizenship documents accepted for SIN applications;
- to strengthen the Proof of
Identification program for SIN applications;
- to set goals for the
completeness and accuracy of the SIR and take the necessary steps to meet
them;
- to place an expiry date on
900-series SINs;
- to reduce the number of usable
SINs in the SIR;
- to adopt a risk-based approach
to investigating SIN-related fraud;
- to assess the effectiveness of
SIN public awareness activities;
- to develop a means of checking
the validity of identity and citizenship documents with the authorities that
issued them;
- to ensure that staff has the
proper training and tools; and
- to develop agreements with partners to improve the integrity of the SIR.
As noted in the Action Plan, HRDC
initiated a number of measures on 8 October 2002. These measures include
accepting only original identity documents for SIN applications, deactivating
SINs that have not been used in the previous five years and obtaining authority
to introduce expiry dates on 900-series SINs (i.e., those belonging to
individuals who are neither Canadian Citizens nor permanent residents). HRDC has also initiated discussions with Citizenship
and Immigration Canada for access to immigration data to establish proof of
identity and need for a SIN regarding applicants who are not permanent residents
and to validate the identity of foreign-born citizens. HRDC has also initiated
discussions with some provinces to validate SIN application information against
vital statistics information. In terms of staff training, HRDC has updated its
computer-based training course and provided staff with an Identification
Document Guide to help them recognize false documents. New tools, such as
ultraviolet lights, have also been provided to help staff detect false
documents.
While the
Committee is heartened by HRDC’s recent efforts to manage the SIN better, many
Members of the Committee are frustrated by the slow progress that this
Department has demonstrated in the past five years to address this very
important problem. We are also not convinced that HRDC’s current Action Plan
is sufficient to do the job.
I.
Funding
The Action Plan
states that the completion of each of the initiatives outlined above is
contingent on the availability of suitable funding. While this is
understandable, we are mindful of the fact that a lack of funding was cited as a
key reason for not fully implementing HRDC’s previous action plan to fix the
SIN. Many of us are concerned that HRDC has not yet demonstrated a strong enough
commitment to secure the necessary funding to implement its Action Plan. During
our meeting on 13 February 2003, the Assistant Auditor General, Ms. Maria
Barrados, said that “we expected that the Department would have a clear idea
of what the cost would be and would secure appropriate resources before
providing an action plan to the Committee.”1
We share this expectation.
During
the same meeting, the Associate Deputy Minister, Ms. Maryantonett Flumian,
indicated that HRDC had initiated all of the steps required to secure funding
for the Action Plan and that it expected to obtain these resources in
Supplementary Estimates for 2002-2003. Moreover, she indicated that some
resources have already been reallocated within HRDC to begin implementing the
Action Plan. We doubt very much that a one-time funding allocation will be
sufficient to improve the administration of the SIN and enhance the integrity of
the Social Insurance Register as outlined in the Action Plan. Since the
Associate Deputy Minister was unable to inform the Committee of the overall
costs associated with the Action Plan, Members of the Committee have no way of
knowing whether the funds that may be forthcoming in the Supplementary Estimates
will sufficiently cover Action Plan costs in the remainder of this fiscal year.
In addition, the Associate Deputy Minister did not address the issue of on-going
funding or assure the Committee that HRDC would identify internal funds to get
the job done in the event that additional funding cannot be obtained.
In
our opinion, the Department has delayed for far too long in committing the
financial resources necessary to fix the SIN. No doubt the funding of the Social
Insurance Number Action Plan will be one of the areas that this Committee
studies during its review of the Main Estimates for 2003-2004.
Recommendation
1. The
Committee recommends that the government ensure that adequate funding be made
available through new or existing sources so as to ensure the successful
implementation of all the elements of the Social Insurance Number Action Plan
and any other measure that may be required to restore the integrity of the SIN
and the SIR.
II. Respecting the Legislation
Underlying the SIN
As noted
previously, in her 2002 audit of the administration of the SIN, the Auditor
General expressed the view that HRDC’s SIN application process does not
respect the intent of the Employment Insurance Act or Regulations in determining
both the identity and citizenship status of SIN applicants.
According to
section 138 (2) of the Employment Insurance Act, the Canada Employment Insurance
Commission shall maintain a register containing the names of all insured persons
registered with the Commission and such other information as it determines is
required to identify accurately all persons so registered. To do this, the
Employment Insurance Regulations state that, among other things, every
application for the registration of a person shall be accompanied by such
documents and other information as is sufficient to determine the identity and
status (i.e., Canadian citizenship or immigration status) of the applicant.2
The Employment Insurance Regulations do not specify which documents are
considered sufficient to determine the identity of SIN applicants.
On 8 October
2002, HRDC announced that SIN applicants would be required to present one
original primary document from an approved list as proof of identity when
applying for a SIN.3 As in the past, some of these primary documents cannot be linked conclusively to
the applicant. For instance, an original birth certificate is an approved
primary document, but it does not in itself prove the identity of the applicant.
In our view a Canadian passport, for example, is a more rigorous proof of
identity document but, unfortunately, it is not on HRDC’s approved list.
Moreover, since some of the approved documents alone cannot prove the identity
of the applicant, Members of the Committee wonder why only one document is
required to apply for a SIN.
Many Members of
the Committee do not believe that the documents HRDC has decided to accept as
proof of identity currently allow the Department to establish conclusively the
identity of SIN applicants as required by the Employment Insurance Act and
Regulations. When the Associate Deputy Minister, Ms. Maryantonett Flumian,
appeared before the Committee on 13 February 2003, she indicated that HRDC
decided to accept, for the time being, the aforementioned list of primary
documents rather than establish a more rigorous application process. For the
longer term, HRDC sought the advice of an interdepartmental Committee, which is
supposed to report in September 2003 on other modifications HRDC can initiate
regarding this matter. In short, it would seem that HRDC opted for a half
measure, believing it to be an acceptable compromise between protecting the
integrity of the SIN and serving Canadians. However, many Members of the
Committee consider that the Department has settled for an application process
that neither conforms to the letter of the law nor minimizes the potential for compromising the SIN system.
Taking into
consideration the broader public-policy debate regarding issues of security in
the aftermath of the terrorists attacks in the United States on 11 September
2001 and the current Canadian debate on the need for a national identity card,
the Committee is well aware that establishing identity has taken on greater
importance in Canada as in other countries. The Committee is also aware that
identity fraud poses threats to privacy, security and the integrity of publicly
funded services. It is thus imperative that HRDC take immediate action to ensure
that it is meeting the requirements of the Employment Insurance Act and
Regulations for determining the citizenship and identity of SIN applicants. HRDC
could emulate the application process used in other federal programs where
additional controls have been put in place to verify the identity of applicants.
For example, the proof-of-identity program used by the Passport Office requires
that an eligible guarantor sign the application attesting to the authenticity
of the statements contained in the application and certifying that the photos
submitted are a true likeness of the applicant. As well, HRDC should take into
consideration the application process set up by Citizenship and Immigration
Canada that requires two pieces of identification with a photo and other primary
documents to establish proof of identity before issuing a Certificate of
Canadian Citizenship.
Recommendation
2. The Committee recommends that:
- Human Resources Development Canada immediately require all new applicants for a SIN to provide, in addition to one of the currently accepted primary documents, one other document that contains a photograph of the applicant (e.g., passport, driver’s licence, etc.) or, if photo identification is not possible, at least two other identification documents;
- By 1 January 2004, Human Resources Development Canada determine which type of photo identification documents will be required to apply for a Social Insurance Number, including photographs accompanied by a guarantor’s declaration like that required when applying for a Canadian Passport;
- Once the government has made a decision regarding photo identification documents, the government amend the Employment Insurance Regulations to list all acceptable identification documents and to require individuals to provide at least two original identity documents, including one photo identity document, when applying for a Social Insurance Number.
III. Appropriate Use of the SIN and Personal
Information on Applicants
As indicated in
the Action Plan, HRDC intends to develop a means of checking the validity of the
information provided by SIN applicants by comparing the information on identity
and citizenship documents with that contained in the vital statistics registries
of the provinces and territories. While Members of the Committee encourage HRDC
to establish this safeguard as quickly as possible, some of us are concerned
that such information sharing may pose certain threats to individuals’
privacy. Measures should be in place therefore to restrict access to those data
elements required to validate the information contained in the proof of identity
documentation submitted. Improving the proof of identity and citizenship
procedures in the SIN application process will go a long way in reducing the
scope and incidence of fraud and abuse, but this alone will not eliminate the
possibility that a SIN, once issued, may be fraudulently used to access publicly
funded programs. As the Auditor General pointed out in the 1998 audit of the
SIN, a secondary system of identity verification is necessary at the point of
use to confirm that the person presenting the card is in fact the person to whom
the card was assigned.
The
Committee is also concerned that HRDC has not provided any information that
would indicate that the de facto use of the SIN as a national identifier has
been curbed. The Associate Deputy
Minister stated that a public awareness campaign on the proper use of the SIN
was completed in 2001 and that an evaluation is underway to assess its
effectiveness. She told the Committee that, based on the results of that
evaluation, HRDC plans to develop and implement a communication strategy
targeting specific groups who may still be unaware of the appropriate use of a
SIN. The Committee will wait until this strategy is released, but Members of the
Committee would like to remind HRDC that, according to Chapter 11 of the 2002
Report of the Auditor General, the public awareness activities of 2001 and 2002
were limited in scope and that, as a consequence, a communication strategy to
reach a wider audience might be necessary and should be anticipated.
The
Committee is mindful of the fact that the Personal Information Protection and
Electronics Document Act will not be fully implemented until 2004. This law does
not specifically deal with the SIN, but captures it in the definition of
personal information. In conjunction with HRDC’s commitment to implement a
communication strategy, this law may be effective in curbing what many of us
perceive to be widespread inappropriate use of SINs. It is extremely
contradictory for the federal government to expect others to properly use the
SIN when it fails to do so itself. There is absolutely no excuse for HRDC’s
unauthorized use of the SIN in any of its programs. While the Action Plan
indicates that HRDC programs will be compliant with Treasury Board’s list of
programs authorized to use the SIN by March 2003, we are not convinced that this
problem is resolved. The Treasury Board Secretariat has initiated a
government-wide review of compliance of federal institutions with Treasury
Board’s policy on use of the SIN and is expected to report its findings to the
Treasury Board by June 2003.
Recommendation
3.
The Committee recommends that:
·
Human Resources Development Canada
reassess its plans for the 2003-2004 communication strategy to inform specific
groups on the proper use of the SIN with a view to delivering this strategy to a
larger public by using, for example, the national media as recommended in
Chapter 11 of the 2002 Report of the Auditor General of Canada;
·
The Treasury Board act quickly to
revise its policy and guidelines if warranted by the Secretariat’s findings
regarding compliance of federal institutions with policies on the use of the
SIN;
·
One year after the complete
implementation of the Personal Information Protection and Electronics Document
Act, the government conduct a review to determine if specific legislation is
required to curb the improper use of the SIN.
IV. Deadlines and Progress Reporting
It is virtually impossible to assess the
implementation and progress of HRDC’s Action Plan in the absence of deadlines
for specific actions and reports on progress. Of particular note, the Action
Plan is open-ended with respect to establishing a comprehensive baseline for the
completeness and reliability of the Social Insurance Register; to setting goals
for the completeness and accuracy of the Social Insurance Register; to finding
ways of strengthening the proof of identity for SIN applicants; and to
developing agreements with partners to improve the integrity of the Social
Insurance Register. These actions are vital to the success of HRDC’s Action
Plan. Members of the Committee believe that HRDC should be clearer as to when
these actions will be completed.
Although progress reporting was discussed during our
meeting on 28 November 2002 with the Auditor General, Ms. Sheila Fraser, and the
Associate
Deputy Minister, Ms. Maryantonett Flumian, the Action Plan does not provide for regular progress reports. In view of
HRDC’s past failure to address many of the problems identified in the Auditor
General’s 1998 audit and given the empty assurances provided by HRDC officials to the Committee during its follow-up meeting on Beyond
the Numbers, the Committee believes that the
Action Plan should provide for regular progress reports. In the absence of
regular reporting, the Auditor General of Canada, this Committee and any other
interested party will have no means to gauge the extent and speed of progress.
This is important not only in terms of the funding issue identified earlier, but
also in terms of monitoring the involvement and co-operation of other government
departments and agencies which play an important role in the implementation of
the Action Plan.
Recommendation
4. The Committee recommends that:
·
Human Resources Development
Canada include in its Action Plan deadlines for achieving all of the actions
associated with the 14 initiatives listed in the Plan;
·
Human Resources Development
Canada provide semi-annual progress reports to the Auditor General of Canada and
the Standing Committee on Human Resources Development and the Status of Persons
with Disabilities outlining the status of all of the actions associated with the
14 initiatives in the Plan. In
instances where deadlines are missed, an explanation and a description of
corrective action to be taken should be provided.
House of Commons Standing Committee on Human Resources Development and the Status of Persons with Disabilities,
Evidence (15:25), Meeting No. 13, 13 February 2003. 2 Employment Insurance Regulations, Part V, Administrative Provisions, Section 89. 3 A Canadian citizen or a Registered Indian may present a Certificate of Birth or Birth Certificate; a Certificate of Canadian
Citizenship; a Population List; or, a foreign birth certificate and Certificate of Indian Status (for Registered Indians born
outside Canada). A permanent resident may present a Permanent Resident Card; a Confirmation of Permanent Residence
and Visa counterfoil in foreign passport; a Confirmation of Permanent Residence and Visa counterfoil on Single Journey
Document for Resettlement to Canada; a Record of Landing (this document will be phased out starting June 2003 and
eliminated by December 31st, 2003); a Confirmation of Landing (will no longer be accepted after December 31st, 2003);
or, a Returning Resident Permit (will no longer be accepted after December 31st, 2003). An individual who is neither a
Canadian Citizen nor a Permanent Resident may present an Employment Authorization/Work Permit; a Student Authorization/
Study Permit; a Visitor Record; a Permit to Come into or Remain in Canada/Temporary Resident Permit; an Extension of
Permit/Extension to Temporary Resident Permit (will no longer be accepted after December 31st, 2005); a Determination of
Eligibility/Consideration of Eligibility; a Consideration of Eligibility and CIC letter (when refugee claim is ineligible); or, a Diplomatic
Identity Card issued by the Department of Foreign Affairs and International Trade (only Category "D", with a letter of permission
of employment, is acceptable). (see: http://www.hrdc-drhc.gc.ca/sin-nas/t120_e.html)